SweetRice Remote File Upload

SweetRice Remote File Upload: Posted Jul 3, 2010; Authored by ItSecTeam; SweetRice versions prior to 0.6.4 suffer from an arbitrary remote file upload vulnerability.; tags | exploit, remote, arbitrary, file upload; SHA-256 | b284aa1e09344153fe7294ffa26387907d7e0a8820af88b2469cabade86ba107; Download | Favorite | View

SweetRice Remote File Upload

##############################################################################
#Title:             SweetRice < 0.6.4 (fckeditor) Remote File Upload         #
#Vendor:            http://www.basic-cms.org                                 #
#Dork:              "Powered By Basic CMS SweetRice"                         #
##############################################################################
#AUTHOR:            ITSecTeam                                                #
#Email:             Bug@ITSecTeam.com                                        #
#Website:           http://www.itsecteam.com                                 #
#Forum :            http://forum.ITSecTeam.com                               #
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability56.htm #
#Thanks:            r3dm0v3,Mehr@n.s,Pejvak,am!rkh@n                         #
##############################################################################

#DESCRIPTION (by vendor):#####################################################
SweetRice is a most simple program for website management.Perfect support web 
standards,easy to setup and use.best value is SEO.Support 3 kinds of 
database:Mysql,Sqlite,PostgreSql,support database time line.


#BUG:#########################################################################
file /_plugin/fckeditor/editor/filemanager/connectors/php/config.php:
 125: $Config['AllowedExtensions']['File']  = array('7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif', 'gz', 'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif', 'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip') ;
 126: $Config['DeniedExtensions']['File']    = array() ;

its not possible to upload shells but remote user can upload files with definned extensions without authentication.


#EXPLOIT:####################################################################
http://site.com/_plugin/fckeditor/editor/filemanager/connectors/test.html

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

SweetRice Remote File Upload

SweetRice Remote File Upload

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SweetRice Remote File Upload

Share This

SweetRice Remote File Upload

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems