Opened 11 years ago

Closed 11 years ago

#2676 closed Bug (invalid)

FCKeditor 2.6.3 Directory Traversal

Reported by: Christian Foronda Owned by:
Priority: Must have (possibly next milestone) Milestone:
Component: File Browser Version: FCKeditor 2.6.3
Keywords: Cc:

Description

You may upload files and create folders without logging in to the admin page. The bug can be exploited by uploading arbitrary script files (e.g. a backdoor to the system) and executing them.

The files and folders that are created via this bug have the permission of "777".

example: http://yoursite.com/mambots/editors/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/php/connector.php

Tested in:
CentOS-5.2
httpd-2.2.3
php-5.1.6
mysql-5.0.45
Joomla-1.0.15

Tried to install the nightly build but I guess it's for Joomla 1.5?

Change History (1)

comment:1 Changed 11 years ago by Alfonso Martínez de Lizarrondo

Milestone: FCKeditor 2.6.4
Resolution: invalid
Status: new → closed

This is a problem in one integration of FCKeditor with Joomla. The default FCKeditor comes with the connectors disabled and states that before enabling it, proper security should be taken into account.

I filed a bug about this issue many months ago, but it seems that they don't care.
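The comment above says the stock FCKeditor ships with its connectors disabled and expects the integrating application to secure them before turning them on. The following is an added illustration of what that gating looks like on the integrator's side; it is not code from this ticket, from Joomla, or from the FCKeditor project. It assumes the connector reads its settings from a `$Config` array the way FCKeditor 2.x's `editor/filemanager/connectors/php/config.php` does, and it uses a hypothetical session marker (`admin_logged_in`) that the host application is assumed to set after a successful login. The two permission keys near the end are also assumptions to be checked against the installed version.

```php
<?php
// Added hardening example (not from the ticket or the FCKeditor project).
// Models the decision described in the comment: the file-browser connector
// stays disabled unless the host application has authenticated the user.

// Hypothetical check: the integrating application (Joomla here) is assumed
// to set $_SESSION['admin_logged_in'] = true after a successful admin login.
function connectorIsAllowed(array $session): bool
{
    return isset($session['admin_logged_in']) && $session['admin_logged_in'] === true;
}

$Config = array();

// Keep the project default: disabled until explicitly enabled.
$Config['Enabled'] = false;

session_start();
if (connectorIsAllowed($_SESSION)) {
    $Config['Enabled'] = true;
}

// Allow-list instead of deny-list, so script files cannot be uploaded as
// "images" or "files" (the avenue the report describes).
$Config['AllowedExtensions']['Image'] = array('gif', 'jpeg', 'jpg', 'png');
$Config['DeniedExtensions']['Image']  = array();
$Config['AllowedExtensions']['File']  = array('pdf', 'txt', 'zip');
$Config['DeniedExtensions']['File']   = array();

// Avoid the world-writable "777" files and folders the report observed.
// Assumed key names; confirm they exist in your connector version.
$Config['ChmodOnUpload']       = 0644;
$Config['ChmodOnFolderCreate'] = 0755;

// Refuse early so a disabled connector never handles an upload or
// folder-creation request at all.
if (!$Config['Enabled']) {
    header('HTTP/1.1 403 Forbidden');
    exit('File browser is disabled.');
}
```

The point of the example is that "enable the connector" should be a per-request decision tied to the application's own authentication, not a static flag flipped to `true` at install time; the extension allow-list and non-777 permissions address the two specific consequences the report mentions.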
