WordPress EditorMonkey (FCKeditor) Remote File Upload

vendor:

WordPress EditorMonkey (FCKeditor)

by:

kaMtiEz

9.3

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: WordPress EditorMonkey (FCKeditor)

Affected Version From: 2.5

Affected Version To: 2.5

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

WordPress EditorMonkey (FCKeditor) Remote File Upload

This vulnerability allows an attacker to upload arbitrary files to the vulnerable WordPress EditorMonkey (FCKeditor) plugin. The vulnerability exists due to insufficient validation of the file type when uploading files. An attacker can exploit this vulnerability by uploading a malicious file to the vulnerable plugin. Successful exploitation of this vulnerability can result in arbitrary code execution on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of the plugin.

Source

Exploit-DB raw data:

#############################################################################################################
## WordPress EditorMonkey (FCKeditor) Remote File Upload			                                       ##
## Author : kaMtiEz (kamtiez@exploit-id.com)								                               ##
## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id	       ##
## Date : 14 May, 2011 						                                                               ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://rajprasad.wordpress.com/plugins/editormonkey/
[+] Download : http://www.kumovies.com/wp-content/plugins/editormonkey.tar.gz
[+] version : 2.5 or lower maybe also affected
[+] Vulnerability : File Upload
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html

[ Shell ]

http://127.0.0.1/[kaMtiEz]/UserFiles/YourFile.txt

[ FIX ]

dunno :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9
[+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack
[+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,El k4mpr3t0
[+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D

[ NOTE ] 

[+] For Wantexz .. Get Well Soon My Friends :) 
[+] Special Thx to my brotherhood in DejavuNet :D  
[+] Jangan Takut , Luka Pasti Akan Sembuh :)

[ QUOTE ]

[+] INDONESIANHAXOR still r0x
[+] nothing secure ..