TinyMCE Image Manager Arbitrary File Uploading exploit (C) 2013 MustLive. http://websecurity.com.ua

Hello list! These are Arbitrary File Uploading and Cross-Site Scripting vulnerabilities in TinyMCE Image Manager plugin for TinyMCE. ------------------------- Affected products: ------------------------- Vulnerable are TinyMCE Image Manager 1.1 and previous versions. ------------------------- Affected vendors: ------------------------- Dustweb http://dustweb.ru/projects/tinymce_images/ ---------- Details: ---------- Arbitrary File Uploading (WASC-31): The attack is possible via "1.asp" in folder name. This is bypass method for executing arbitrary code at IIS web server. TinyMCE Image Manager AFU.html TinyMCE Image Manager Arbitrary File Uploading exploit (C) 2013 MustLive. http://websecurity.com.ua Cross-Site Scripting (WASC-08): This is persistent XSS on Linux/Unix and reflected XSS on Windows. The code will execute just after sending request for creating a folder and later on at requests to connector (at any operations, except creating a folder with existent name). TinyMCE Image Manager XSS.html TinyMCE Image Manager XSS exploit (C) 2013 MustLive. http://websecurity.com.ua ------------ Timeline: ------------ 2013.05.22 - announced at my site. 2013.05.23 - informed developer. 2013.07.18 - disclosed at my site (http://websecurity.com.ua/6527/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua