chrismunden / cmsfromscratch

Automatically exported from code.google.com/p/cmsfromscratch

FCKeditor upload vulnerability #14

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
http://www.milw0rm.com/exploits/5691

Original issue reported on code.google.com by n0b0d...@gmail.com on 29 May 2008 at 11:22

GoogleCodeExporter commented 8 years ago
David, are you able to verify this one?

Original comment by designfr...@gmail.com on 6 Jun 2008 at 9:43

GoogleCodeExporter commented 8 years ago
whoa!

Just had a look at it, trying to make sense of it. 

Original comment by mailmeyo...@gmail.com on 9 Jun 2008 at 11:01

GoogleCodeExporter commented 8 years ago
You're using an outdated version of FCKeditor. v2.6.5 will be released shortly,
update your local copy when it is... or consider switching to TinyMCE.

Original comment by dgu...@gmail.com on 23 Jun 2009 at 8:21

GoogleCodeExporter commented 8 years ago
The script is still vulnerable:
http://code.google.com/p/cmsfromscratch/source/browse/trunk/cms113/cms/FCKeditor/editor/filemanager/connectors/php/config.php#60

My PoC still works because $Config['AllowedExtensions']['File'] also contains the
php extension, and this array is used in the IsAllowedExt() function to check the
file's extension.
So anyone could upload any PHP code!

Original comment by n0b0d...@gmail.com on 23 Jun 2009 at 9:03
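
The misconfiguration described in the last comment, an upload allow-list that itself contains `php`, can be caught with a config audit plus a stricter extension check. This is an added example, not code from FCKeditor or cmsfromscratch; the function names, the executable-extension list and the sample config values are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not part of FCKeditor or cmsfromscratch.
// Assumed list of extensions a PHP-enabled web server may execute;
// align it with the handler mappings of the server actually in use.
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'cgi', 'pl'];

// Return [resourceType => [offending extensions]] for every allow-list
// that permits an extension the server would execute.
function audit_allowed_extensions(array $config): array
{
    $findings = [];
    foreach ($config['AllowedExtensions'] ?? [] as $type => $allowed) {
        $normalised = array_map('strtolower', $allowed);
        $bad = array_values(array_intersect($normalised, EXECUTABLE_EXTENSIONS));
        if ($bad !== []) {
            $findings[$type] = $bad;
        }
    }
    return $findings;
}

// Stricter upload-name check: the last extension must be on the allow-list,
// and no dot-separated segment may be a server-executable extension.
function is_upload_name_allowed(string $fileName, array $allowed): bool
{
    $parts = explode('.', strtolower(basename($fileName)));
    array_shift($parts);                      // drop the base name
    if ($parts === []) {
        return false;                         // no extension at all
    }
    foreach ($parts as $segment) {
        if (in_array($segment, EXECUTABLE_EXTENSIONS, true)) {
            return false;                     // executable even if allow-listed
        }
    }
    return in_array(end($parts), array_map('strtolower', $allowed), true);
}

// Constructed sample config mirroring the shape named in the thread.
$Config = [];
$Config['AllowedExtensions']['File']  = ['doc', 'pdf', 'php', 'zip'];
$Config['AllowedExtensions']['Image'] = ['gif', 'jpg', 'png'];

print_r(audit_allowed_extensions($Config));   // reports the 'File' allow-list
foreach (['report.pdf', 'page.php', 'page.PHP', 'notes'] as $name) {
    $ok = is_upload_name_allowed($name, $Config['AllowedExtensions']['File']);
    echo $name, ' => ', $ok ? 'allowed' : 'rejected', PHP_EOL;
}
```

Removing `php` from the allow-list remains the actual fix; the second function only keeps a bad list from being honoured.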