Message-ID: <20071023172633.7837.qmail@securityfocus.com>
Date: 23 Oct 2007 17:26:33 -0000
From: pete.houston.17187@...il.com
To: bugtraq@...urityfocus.com
Subject: [Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87
Software : eFileman
Version : 7.x (tested on 7.1.0.87-88)
Found by : Xcross87
A. Remote File Upload Vulnerability :
Xploit :
http://victim.com/[path]/upload.html
http://victim.com/[path]/cgi-bin/efileman/upload.cgi
The uploaded files are stored in :
http://victim.com/[path]/uploads/upload_file.xxx
B. Direct Access or Download Configuration File
Xploit :
http://victim.com/[path]/cgi-bin/efileman/efileman_config.pm <-- check user information
C. FCKEditor Inclusion.
For the full eFileman installation package including FCKEditor, an attacker can upload a shell through the upload vulnerability of FCK.
=== Xcross87 | HCETeam Xploiter ===
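
A log-triage sketch for the three paths named in the advisory above, added here as an example and not part of the original post or of eFileMan. It assumes Apache combined-format access logs; the function name, the script-extension list and the sample lines are constructed for illustration.

```python
import re

# Fields needed from a combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Paths from the advisory; the [path] prefix differs per installation.
CONFIG_RE = re.compile(r'/cgi-bin/efileman/efileman_config\.pm(?:\?|$)')
UPLOAD_RE = re.compile(r'/cgi-bin/efileman/upload\.cgi(?:\?|$)')
# Assumed list of extensions a web server might execute from /uploads/.
STORED_RE = re.compile(
    r'/uploads/[^/?]+\.(?:cgi|pl|php\d?|phtml|asp|aspx|jsp|sh)(?:\?|$)', re.I)

def triage(lines):
    """Return (line_no, client, finding) for requests matching the advisory."""
    findings = []
    uploaders = set()  # clients whose POST to upload.cgi was accepted
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m["ip"], m["method"], m["path"]
        status = int(m["status"])
        if CONFIG_RE.search(path) and status == 200:
            # Issue B: the config module was served as a plain file.
            findings.append((n, ip, "config-served"))
        elif UPLOAD_RE.search(path) and method == "POST" and 200 <= status < 400:
            # Issue A: an upload request was accepted.
            uploaders.add(ip)
            findings.append((n, ip, "upload-accepted"))
        elif STORED_RE.search(path) and status == 200 and ip in uploaders:
            # Same client then fetched a script-type file from /uploads/.
            findings.append((n, ip, "uploaded-script-fetched"))
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '192.0.2.10 - - [23/Oct/2007:17:00:01 +0000] "GET /files/cgi-bin/efileman/efileman_config.pm HTTP/1.1" 200 1843',
    '192.0.2.10 - - [23/Oct/2007:17:00:09 +0000] "POST /files/cgi-bin/efileman/upload.cgi HTTP/1.1" 200 512',
    '192.0.2.10 - - [23/Oct/2007:17:00:15 +0000] "GET /files/uploads/report.php HTTP/1.1" 200 77',
    '198.51.100.7 - - [23/Oct/2007:17:02:00 +0000] "GET /files/cgi-bin/efileman/efileman_config.pm HTTP/1.1" 403 199',
    '198.51.100.7 - - [23/Oct/2007:17:02:05 +0000] "GET /files/uploads/photo.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A 403 on `efileman_config.pm`, as in the fourth sample line, is what a server that denies direct access to the file would log, so it is not reported.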