By:追心
漏洞说明:
Mathew Callingham Associatess是一款基于PHP+MYSQL的内容管理系统,由于Mathew Callingham Associatess 3.x.x集成了fckeditor编辑器,导致也继承了fckeditor的上传漏洞,另外该系统还存在sql注入漏洞。
漏洞类型:
fckeditor漏洞、上传漏洞、sql注入、sql盲注、脚本注入、注入漏洞
谷歌关键词:
Designed by Mathew Callingham Associates
漏洞测试:
https://lcx.cc/admin/editor/filemanager/upload/test.html
https://lcx.cc/admin/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
管理后台:
https://lcx.cc/admin/
sql注入漏洞:
https://lcx.cc/viewclassified.php?classified=[SQL]
http://www.carpfishingtips.co.uk/viewclassified.php?classified=15 [SQL]