header-logo
Suggest Exploit
vendor:
Maximus 2008 CMS: Web Portal System
by:
eidelweiss
7.5
CVSS
HIGH
Arbitrary File Upload
434
CWE
Product Name: Maximus 2008 CMS: Web Portal System
Affected Version From: Maximus 2008 CMS: Web Portal System (v.1.1.2)
Affected Version To: Maximus 2008 CMS: Web Portal System (v.1.1.2)
Patch Exists: NO
Related CWE: N/A
CPE: a:maximus_cms:maximus_2008_cms:1.1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Live site
2011

maximus-cms (fckeditor) Arbitrary File Upload Vulnerability

Maximus 2008 CMS: Web Portal System (v.1.1.2) is vulnerable to an arbitrary file upload vulnerability. An attacker can upload malicious files to the server by exploiting the vulnerability in the FCKeditor. The vulnerable file is uploadtest.html which is located in the path/html/FCKeditor/editor/filemanager/connectors/ directory. The uploaded files can be accessed from the /FCKeditor/upload/ directory. The configuration of the file uploader is enabled by default in the config.php file located in the /FCKeditor/editor/filemanager/connectors/php/ directory.

Mitigation:

Disable the file uploader in the config.php file located in the /FCKeditor/editor/filemanager/connectors/php/ directory.
Source

Exploit-DB raw data:

   |									     |	
  /|_________________________________________________________________________|\
 /									       \	
/===============================================================================\
|Exploit Title:	maximus-cms (fckeditor) Arbitrary File Upload Vulnerability	|
|develop:	http://www.php-maximus.org					|
|Version:	Maximus 2008 CMS: Web Portal System (v.1.1.2)			|
|Tested On:	Live site							|
|Dork:		use your skill and play your imagination :P			|
|Author:	eidelweiss							|
|contact:	eidelweiss[at]windowslive[dot]com				|
|Home:		http://www.eidelweiss.info					|
|										|
|										|
\===============================================================================/
/	NOTHING IMPOSSIBLE IN THIS WORLD EVEN NOBODY`s PERFECT			\
---------------------------------------------------------------------------------

|============================================================================================|
|Original advisories:									     |
|http://eidelweiss-advisories.blogspot.com/2011/01/maximus-cms-fckeditor-arbitrary-file.html |
|============================================================================================|

	exploit # path/html/FCKeditor/editor/filemanager/connectors/uploadtest.html

[!] first find the target host

	ex: www.site.com or www.target.com/maximus

	then # http://site.com/FCKeditor/editor/filemanager/connectors/uploadtest.html#

[!] select # "php" as "File Uploader" to use... and select "file" as Resource Type

[!] Upload There Hacked.txt or whatever.txt  And Copy the Output Link or

[!] after upload without any errors your file will be here: /FCKeditor/upload/

		ex: http://site.com//FCKeditor/upload/whatever.txt


NB: remote shell upload also possible !!!

Read the config.php file in "/FCKeditor/editor/filemanager/connectors/php/"

----------
$Config['Enabled'] = true ;	// <=


// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/FCKeditor/upload/' ;
----------

and also $Config['AllowedExtensions']['File']

with a default configuration of this script, an attacker might be able to upload arbitrary
files containing malicious PHP code due to multiple file extensions isn't properly checked


=========================| -=[ E0F ]=- |=================================

Navigation

Suggest Exploit

Services By CQR