Maximus CMS (fckeditor) Arbitrary File Upload Vulnerability

Posted: February 23, 2011 by Hacking & Relax in exploit

exploit # path/html/FCKeditor/editor/filemanager/connectors/uploadtest.html

[!] first find the target host

ex: or

then #

[!] select # “php” as “File Uploader” to use… and select “file” as Resource Type

[!] Upload There Hacked.txt or whatever.txt And Copy the Output Link or

[!] after upload without any errors your file will be here: /FCKeditor/upload/


NB: remote shell upload also possible !!!

Read the config.php file in “/FCKeditor/editor/filemanager/connectors/php/”

$Config[‘Enabled’] = true ; // <=

// Path to user files relative to the document root.
$Config[‘UserFilesPath’] = ‘/FCKeditor/upload/’ ;

and also $Config[‘AllowedExtensions’][‘File’]

with a default configuration of this script, an attacker might be able to upload arbitrary
files containing malicious PHP code due to multiple file extensions isn’t properly checked


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s