Monday, May 21, 2012

From LOW to PWNED [10] Honorable Mention: FCKeditor


Post [10] Honorable Mention: FCKeditor

FCKeditor is bundled with seems-like everything (ColdFusion, Drupal plugins, WordPress plugins, other random CMSs) and has probably been responsible for countless hacks via file upload issues.

Examples:

http://www.exploit-db.com/exploits/12697/
http://www.exploit-db.com/exploits/15484/
http://www.exploit-db.com/exploits/17644/

Big O'l list on Exploit-DB

CVEdetails on FCKeditor.

LOW?

Actually most FCKeditors checks in Nessus I found were either Medium or High (hence honorable mention and not in the talk).



There is a good write-up of a classic case of FCKEditor abuse here:

http://secureyes.net/nw/assets/File-Upload-Vulnerability-in-FCKEditor.pdf

Google Dorks


inurl:/editor/filemanager/browser/default/connectors/[LANGUAGE]/connector.php

CG

No comments: