Exploitation Summary
EIP tracks 3 public exploits for CVE-2006-3362. PoCs published by Stack, rgod.
AI-analyzed exploit summary This exploit targets a file upload vulnerability in WeBid v0.5.4's FCKeditor component, allowing arbitrary PHP file upload by bypassing extension checks. It uploads a malicious PHP shell disguised with allowed extensions (e.g., .swf, .doc) and provides interactive command execution.
Description
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
Exploits (3)
This exploit targets a file upload vulnerability in WeBid v0.5.4's FCKeditor component, allowing arbitrary PHP file upload by bypassing extension checks. It uploads a malicious PHP shell disguised with allowed extensions (e.g., .swf, .doc) and provides interactive command execution.
This exploit targets ToendaCMS <= 1.0.0 by uploading a malicious PHP file disguised as an allowed file type via the FCKeditor file upload functionality. It then executes arbitrary commands by sending a crafted GET request with the command embedded in a cookie.
This exploit targets Geeklog <= 1.4.0sr3 by uploading a malicious PHP file via the unprotected FCKeditor connector. It achieves remote command execution by leveraging a file upload vulnerability in the 'mcpuk' connector.