WebPortal - exploit.company

vendor:

WebPortal

by:

S.W.A.T.

6.4

CVSS

MEDIUM

Remote Arbitrary File Upload

434

CWE

Product Name: WebPortal

Affected Version From: 2000.7.4

Affected Version To: 2000.7.4

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

WebPortal <= 0.7.4 (fckeditor) Remote Arbitrary File Upload

A vulnerability exists in WebPortal version 0.7.4 and earlier, which allows remote attackers to upload arbitrary files via the fckeditor component. An attacker can exploit this issue to upload malicious files and execute arbitrary code on the vulnerable system.

Mitigation:

Restrict and grant only trusted users access to the resources.

Source

Exploit-DB raw data:

########################################################################
#
#                                 S.W.A.T.
#
# Title: WebPortal <= 0.7.4 (fckeditor) Remote Arbitrary File Upload
#
# Vendor: http://webportal.ivanoculmine.com/download.php?mid=14
#
# Discover by : S.W.A.T.
#
# svvateam@yahoo.com
#
# Impact: Medium
#
# Fix: Disable It In The Config File ;)
#
# Site: wWw.SvvaT.IR
#
########################################################################

####################
- Exploit:
####################

http://example.com/[path]/libraries/htmleditor/editor/filemanager/upload/test.html

####################
- Demo:
####################

http://demos.ivanoculmine.com/webportal/libraries/htmleditor/editor/filemanager/upload/test.html

####################
- Solution:
####################

Restrict and grant only trusted users access to the resources.

####################
- GreTzZ :
####################

All My Friend's , Str0ke

####################

# milw0rm.com [2008-09-12]