This is a writeup describing a remote arbitrary file upload vulnerability in Geeklog <= v1.6.0sr1 caused by an insecure default FCKeditor configuration. It provides details on how to exploit the vulnerability to upload files and host them on the target server.
Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Geeklog <= v1.6.0sr1
No auth needed
Prerequisites: Access to the FCKeditor interface via the provided URL