Topics

User Functions

Events

There are no upcoming events

What's New

Stories last 2 weeks

Comments last 2 weeks

Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

Downloads last 2 weeks

No new files

Welcome to Geeklog Saturday, August 27 2016 @ 05:51 am EDT

Exploit for FCKeditor's mcpuk file manager

Security
  • Contributed by:
  • Views:
    29,023

While yesterday's exploit only affected incorrect Geeklog installs, this new one is more serious:

An exploit has been posted for the "mcpuk" file manager that we're shipping with FCKeditor in Geeklog 1.4.0. The exploit allows an attacker to upload and execute arbitrary code.

While FCKeditor is not enabled by default, this exploit works even when FCKeditor is disabled, as it calls the vulnerable file directly. So it is not enough to disable FCKeditor in config.php.

If you don't plan to use FCKeditor on your site, you can simply remove the entire 'fckeditor' subdirectory (from Geeklog's public_html). Otherwise, you will have to remove the file manager as explained below ...

To remove the file manager, go to the 'fckeditor/editor' directory (again, in Geeklog's 'public_html' directory) and remove the entire 'filemanager' subdirectory. Then, you should disable the file manager in the FCKeditor configuration file, 'fckconfig.js'. It contains the following three options, all of which should be set to "false" to disable the file manager:

FCKConfig.LinkBrowser = false;
(...)
FCKConfig.ImageBrowser = false;
(...)
FCKConfig.FlashBrowser = false;

Next, you should check if anyone managed to upload malicious code to your site. Check the four subdirectories below 'images/library' (named 'File', 'Flash', 'Image', and 'Media') for suspicous files, i.e. ones that you didn't upload yourself. The published exploit uses files whos names contains 'suntzu' - remove those.

After these changes, FCKeditor should continue to work, but you won't be able to upload files with it. If you'd rather have the upload capabilities back, you could upgrade to the recently released FCKeditor 2.3 (instructions can be found in the forum).

Trackback

Trackback URL for this entry:
https://www.geeklog.net/trackback.php/exploit-for-fckeditor-filemanager
  • New Geeklog Exploit from Media Gallery Support
  • Tracked on Friday, June 30 2006 @ 09:27 am EDT

There have been a couple of new Geeklog exploits released into the wild and in the hands of script kiddies everywhere! We are already seeing hundreds of attempts each day in the logs here. Please see this article at the main Geeklog Site for more info. [read more]

The following comments are owned by whomever posted them. This site is not responsible for what they say.

  • Exploit for FCKeditor's mcpuk file manager
  • Authored by:Dkeyy on Monday, June 23 2008 @ 01:49 am EDT
Thanks so much for this! This is exactly what I was looking for
  • Exploit for FCKeditor's mcpuk file manager
  • Authored by:Anonymous on Friday, April 16 2010 @ 12:08 am EDT
Delete functions can be easily implement by making the following changes http://www.itjungles.com/dotnet/how-to-delete-uploaded-file-from-fckeditor