KCFinder 2.53 Shell Upload vulnerability

April 2nd, 2014

Exploit Title : KCFinder Upload Shell Vulnerability
Date : 24/04/2014
Google Dork : inurl:/kcfinder/browse.php
Exploit Author : Iranian_Dark_Coders_Team
Home : http://www.idc-team.net
Discovered By : Black.Hack3r
Vendor Homepage : http://kcfinder.sunhater.com/
Version : 2.51 – 2.53
Tested on : Windows 8 & Linux

Bug location:
http://[localhost]/[path]/kcfinder/config.php
Line 51: 'deniedExts' => "exe com msi bat php phps phtml php3 php4 cgi pl",
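
The setting above is a blacklist: only the listed extensions are refused, and any extension the list does not name is accepted. The PHP below is an added example, not KCFinder's own code, that contrasts a check built on that blacklist (quoted from the advisory) with an allowlist check that refuses everything not explicitly permitted; the ALLOWED_EXTS value and the sample file names are constructed for the example.

```php
<?php
// Added example (not KCFinder code): blacklist vs. allowlist extension checks.

// Extension blacklist as quoted from KCFinder 2.53 config.php line 51.
const DENIED_EXTS = "exe com msi bat php phps phtml php3 php4 cgi pl";

// Hypothetical allowlist of the extensions a deployment actually needs.
const ALLOWED_EXTS = "jpg jpeg png gif pdf txt";

// Normalised extension: the segment after the final dot, lower-cased.
function fileExtension(string $name): string {
    $pos = strrpos($name, '.');
    return $pos === false ? '' : strtolower(substr($name, $pos + 1));
}

// Blacklist decision (simplified model, not KCFinder's exact logic):
// a name is rejected only if its extension is listed, so anything the
// list does not mention passes.
function allowedByBlacklist(string $name): bool {
    $denied = explode(' ', DENIED_EXTS);
    return !in_array(fileExtension($name), $denied, true);
}

// Allowlist decision: every dotted segment after the base name must be
// permitted, so unknown extensions and extra extensions are refused.
function allowedByAllowlist(string $name): bool {
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;                       // no extension, or a dot-file
    }
    $allowed = explode(' ', ALLOWED_EXTS);
    foreach (array_slice($parts, 1) as $ext) {
        if ($ext === '' || !in_array($ext, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names (not taken from the advisory).
foreach (["photo.jpg", "shell.php", "notes.unknown"] as $n) {
    printf("%-14s blacklist=%s allowlist=%s\n", $n,
        allowedByBlacklist($n) ? "allow" : "deny",
        allowedByAllowlist($n) ? "allow" : "deny");
}
```

The third sample shows the failure mode: the blacklist lets an extension it has never heard of through, while the allowlist refuses it.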

Exploit:
http://[localhost]/kcfinder/browse.php
http://[localhost]/[path]/kcfinder/browse.php
Proof:

STEP 1: Go to target link
http://localhost/KCFinder/browse.php

STEP […]