
Maximus 2008 CMS Shell Upload

Posted Jan 10, 2011
Authored by eidelweiss

Maximus 2008 CMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | d7a1f1e99a80573e7de6e5505c2c352e502c1396a38947d17daef42acf1afc08

####################################################################
maximus-cms (fckeditor) Arbitrary File Upload Vulnerability
####################################################################


=================================================================================
Exploit Title: maximus-cms (fckeditor) Arbitrary File Upload Vulnerability
Developer:     http://www.php-maximus.org
Download:      http://ftp1.toocharger.com/scgdnLI/maximus-cms-2008_5129.zip
Version:       Maximus 2008 CMS: Web Portal System (v.1.1.2)
Tested On:     Live site
Dork:          use your skill and play your imagination :P
Author:        eidelweiss
Contact:       eidelweiss[at]windowslive[dot]com
Home:          http://www.eidelweiss.info
=================================================================================
NOTHING IMPOSSIBLE IN THIS WORLD EVEN NOBODY`s PERFECT
---------------------------------------------------------------------------------

Original advisory:
http://eidelweiss-advisories.blogspot.com/2011/01/maximus-cms-fckeditor-arbitrary-file.html

Vulnerable path: /FCKeditor/editor/filemanager/connectors/uploadtest.html

[!] First find the target host, e.g. www.site.com or www.target.com/maximus

[!] Then open the connector test page:
    http://site.com/FCKeditor/editor/filemanager/connectors/uploadtest.html

[!] Select "php" as the "File Uploader" to use, and "File" as the Resource Type.

[!] Upload a harmless test file (Hacked.txt, whatever.txt, ...). The page prints the URL of the stored file; copy it.

[!] If the upload completes without errors, the file lands under /FCKeditor/upload/ (the directory set by UserFilesPath in the connector config), e.g.:
    http://site.com/FCKeditor/upload/whatever.txt

    Depending on the connector's FileTypesPath setting the file may instead be placed in a per-resource-type subfolder such as /FCKeditor/upload/file/; the URL returned in the upload response is authoritative.
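The upload step above can be reproduced without a browser. The script below is an added example and is not part of the original advisory or of Maximus/FCKeditor: it POSTs a harmless .txt to the PHP connector behind uploadtest.html and parses the reply. It assumes the FCKeditor 2.x connector layout (upload.php?Type=File taking a multipart field named NewFile and answering with a window.parent.OnUploadCompleted(...) script); the host argument and the SAMPLE_RESPONSE string are constructed for offline use.

```python
"""Reproduce the advisory's test upload with a harmless text file and parse the
FCKeditor connector's reply for the stored file URL.

Added example, not code from the advisory or the product.  Assumptions: the
target runs the FCKeditor 2.x PHP connector at the advisory's path, upload.php
accepts a multipart field "NewFile" with ?Type=File, and answers with
window.parent.OnUploadCompleted(errorNumber, fileUrl, fileName, customMsg).
"""
import re
import sys
import uuid
import urllib.request

CONNECTOR = "/FCKeditor/editor/filemanager/connectors/php/upload.php"


def build_multipart(filename, content, field="NewFile"):
    """Return (content_type, body) for a single-file multipart/form-data POST."""
    boundary = "----probe" + uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: text/plain\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", head + content + tail


# Matches the JavaScript call the connector emits after handling an upload.
_RESP = re.compile(
    r'OnUploadCompleted\(\s*(\d+)\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*\)'
)


def parse_upload_response(html):
    """Return (error_number, file_url, file_name, custom_msg) or None.

    FCKeditor 2.x connector codes: 0 = stored, 201 = stored under a renamed
    file, 202 = extension rejected, 203 = security error, 1 = custom error.
    """
    m = _RESP.search(html)
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3), m.group(4)


def is_exposed(html):
    """True when the connector accepted and stored the file (code 0 or 201)."""
    parsed = parse_upload_response(html)
    return parsed is not None and parsed[0] in (0, 201)


def probe(base_url, timeout=10):
    """POST a harmless .txt to the connector and return the parsed reply."""
    ctype, body = build_multipart("probe-" + uuid.uuid4().hex[:8] + ".txt",
                                  b"upload check\n")
    req = urllib.request.Request(base_url.rstrip("/") + CONNECTOR + "?Type=File",
                                 data=body, method="POST",
                                 headers={"Content-Type": ctype})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_upload_response(resp.read().decode("utf-8", "replace"))


# Constructed sample reply, shaped like a successful connector response.
SAMPLE_RESPONSE = ('<script type="text/javascript">'
                   'window.parent.OnUploadCompleted(0,"/FCKeditor/upload/probe.txt","probe.txt","") ;'
                   '</script>')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python3 probe.py http://www.target.com/maximus
        print(probe(sys.argv[1]))
    else:
        print(parse_upload_response(SAMPLE_RESPONSE))
```

A reply with error 0 or 201 means the connector is enabled and writable by anonymous users, which is the condition the advisory describes; 202 means the extension was refused, and a missing OnUploadCompleted call (a login page, a 404) means the connector is not reachable at that path.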


NB: a remote shell upload is also possible.

Read config.php in /FCKeditor/editor/filemanager/connectors/php/:

----------
$Config['Enabled'] = true ; // <= the PHP connector is switched on (FCKeditor ships it disabled)


// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/FCKeditor/upload/' ;
----------

and also check $Config['AllowedExtensions']['File'] (and the matching DeniedExtensions list).

With the default configuration of this script an attacker may be able to upload arbitrary files containing malicious PHP code, because file names with multiple extensions (e.g. shell.php.txt) are not properly checked: only the last extension is compared against the list, so the name passes, and a web server whose PHP handler matches any .php segment will still execute the file.
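The following is an added example, not FCKeditor's or Maximus' own code, that puts the "multiple file extensions" problem from the paragraph above into checkable logic: a weak check that looks only at the last extension, a model of an Apache host whose PHP handler is bound with AddHandler (mod_mime treats every dotted segment as an extension, so shell.php.txt runs as PHP), and a hardened name filter that allow-lists the extension and forces a single one. The extension lists and sample names are assumptions for the example, not the product's defaults.

```python
"""Filename checks behind the advisory's "multiple file extensions" remark.

Added example, not FCKeditor's or Maximus' own code.  last_extension_only()
models the weak behaviour the advisory describes: only the final extension is
compared with a deny list, so "shell.php.txt" is accepted.  apache_runs_as_php()
models a web server configured with "AddHandler application/x-httpd-php .php":
mod_mime treats every dotted segment as an extension, so that file executes.
hardened_name() is one way to close the hole: allow list instead of deny list,
and a forced single extension so no ".php" segment survives in the stored name.
The lists below are assumptions for the example, not the product's defaults.
"""

# Deny list in the style of the connector's DeniedExtensions (assumed subset).
DENIED = {"php", "php3", "php4", "php5", "phtml", "htm", "html", "shtml",
          "asp", "aspx", "jsp", "cgi", "pl", "sh", "exe"}
# Allow list for the "File" resource type (assumed for the example).
ALLOWED_FILE = {"txt", "pdf", "zip", "doc", "xls", "csv", "png", "jpg", "gif"}
# Extensions the (assumed) Apache vhost hands to the PHP module.
PHP_HANDLER_EXTS = {"php", "php3", "php4", "php5", "phtml"}


def last_extension_only(filename):
    """Weak check: compare only the last extension against the deny list."""
    ext = filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    return ext not in DENIED


def apache_runs_as_php(stored_name):
    """True if any extension segment of the stored name selects the PHP handler."""
    return any(seg in PHP_HANDLER_EXTS for seg in stored_name.lower().split(".")[1:])


def hardened_name(filename):
    """Return the name to store, or None to reject the upload.

    - keeps only the final path component (no directory traversal via the name)
    - requires the last extension to be on the allow list (case-insensitive)
    - replaces every other dot with "_" so exactly one extension remains
    """
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name:
        return None
    base, ext = name.rsplit(".", 1)
    ext = ext.lower()
    if not base or ext not in ALLOWED_FILE:
        return None
    return base.replace(".", "_") + "." + ext


def audit(filename):
    """Summarise how one upload name fares under the weak and hardened checks."""
    weak_ok = last_extension_only(filename)
    return {
        "name": filename,
        "weak_check_accepts": weak_ok,
        "weak_check_executes": weak_ok and apache_runs_as_php(filename),
        "hardened_stores_as": hardened_name(filename),
    }


if __name__ == "__main__":
    # Constructed upload names, including the multi-extension case from the advisory.
    for n in ["report.txt", "shell.php", "shell.php.txt", "Shell.PhP.TXT", "../x.php.txt"]:
        print(audit(n))
```

The deny-list check rejects shell.php but accepts shell.php.txt, which the modelled Apache host still executes; the hardened filter stores it as shell_php.txt, which no longer contains a PHP handler segment. Turning the connector off ($Config['Enabled'] = false) or requiring authentication in front of it remains the primary fix; the name filter only limits what an authenticated upload can do.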


=========================| -=[ E0F ]=- |=================================