[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87

Software : eFileman
Version : 7.x (tested on
Found by : Xcross87

A. Remote File Upload Vulnerability :

Xploit :


The uploaded files are stored in :

B. Direct Access or Download Configuration File
Xploit :
http://victim.com/[path]/cgi-bin/efileman/efileman_config.pm <-- check user information

C. FCKEditor Inclusion.
For full pack of eFileman installation including FCKEditor, attacker can up shell through upload vulnerability of FCK

=== Xcross87 | HCETeam Xploiter ===