Webportal CMS versions 0.7.4 and below suffer from an arbitrary file upload vulnerability.
cd3b37db00371520e3171d5bf83c480a8b29893295fc218e548f6a5cf8547d57########################################################################
#
# S.W.A.T.
#
# Title: WebPortal <= 0.7.4 (fckeditor) Remote Arbitrary File Upload
#
# Vendor: http://webportal.ivanoculmine.com/download.php?mid=14
#
# Discover by : S.W.A.T.
#
# svvateam@yahoo.com
#
# Impact: Medium
#
# Fix: Disable It In The Config File ;)
#
# Site: wWw.SvvaT.IR
#
########################################################################
####################
- Exploit:
####################
http://example.com/[path]/libraries/htmleditor/editor/filemanager/upload/test.html
####################
- Demo:
####################
http://demos.ivanoculmine.com/webportal/libraries/htmleditor/editor/filemanager/upload/test.html
####################
- Solution:
####################
Restrict and grant only trusted users access to the resources.
####################
- GreTzZ :
####################
All My Friend's , Str0ke
####################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed