FCKEditor ASP Version 2.6.8 File Upload Protection Bypass

Trang chủ » ASP.NET » Bypass » Exploit » Upload » FCKEditor ASP Version 2.6.8 File Upload Protection Bypass

FCKEditor ASP Version 2.6.8 File Upload Protection Bypass

- Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass

- Credit goes to: Mostafa Azizi, Soroush Dalili

- Link:http://sourceforge.net/projects/fckeditor/files/FCKeditor/

- Description:

There is no validation on the extensions when FCKEditor 2.6.8 ASP version is

dealing with the duplicate files. As a result, it is possible to bypass

the protection and upload a file with any extension.

- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/

- Solution: Please check the provided reference or the vendor website.