[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Hustoj is HUST ACM OnlineJudge "fckeditor" file upload security issue
From: eidelweiss@xxxxxxxxxxxxxxxxx
Date: Sat, 22 May 2010 07:15:52 -0600

Description
A security issue has been discovered in Hustoj is HUST ACM OnlineJudge, which 
can be exploited by malicious people to bypass certain security restrictions.

Access to the enabled FCKeditor component is not properly restricted, which can 
be exploited to e.g upload files of certain types.

original advisories and exploit code available here:
http://eidelweiss-advisories.blogspot.com/2010/05/hustoj-fckeditor-remote-arbitrary-file.html

Prev by Date: Sun Solaris 10 ftpd Cross-site request forgery
Next by Date: Vulnerabilities in DS-Syndicate for Joomla
Previous by thread: Sun Solaris 10 ftpd Cross-site request forgery
Next by thread: Vulnerabilities in DS-Syndicate for Joomla
Index(es):
- Date
- Thread