[Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87 Oct 23 2007 05:26PM
pete houston 17187 gmail com
Software : eFileman

Version : 7.x (tested on

Found by : Xcross87

A. Remote File Upload Vulnerability :

Xploit :



The uploaded files are stored in :


B. Direct Access or Download Configuration File

Xploit :

http://victim.com/[path]/cgi-bin/efileman/efileman_config.pm <-- check user information

C. FCKEditor Inclusion.

For the full eFileman installation package, which includes FCKEditor, an attacker can upload a shell through the upload vulnerability in FCKEditor.

=== Xcross87 | HCETeam Xploiter ===
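A log check for the configuration-file exposure in section B, added here as an example and not part of the original post: it scans web server access logs for requests to `efileman_config.pm` and reports which clients actually received the file. It assumes Apache combined log format; the sample log lines and client addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Apache/NCSA combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TARGET = "efileman_config.pm"  # file named in section B of the advisory

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Oct/2007:17:30:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/Oct/2007:17:31:12 +0000] "GET /cgi-bin/efileman/efileman_config.pm HTTP/1.1" 200 2048 "-" "curl/7.16"',
    '198.51.100.7 - - [23/Oct/2007:17:31:40 +0000] "GET /cgi-bin/efileman/eFileMan_Config%2Epm?x=1 HTTP/1.1" 200 2048 "-" "curl/7.16"',
    '203.0.113.5 - - [23/Oct/2007:18:02:09 +0000] "GET /files/cgi-bin/efileman/efileman_config.pm HTTP/1.0" 403 199 "-" "-"',
]

def find_config_reads(lines):
    """Return {client_ip: [(timestamp, raw_path, status), ...]} for requests
    whose decoded path ends in efileman_config.pm."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string, undo percent-encoding, and lower-case so
        # encoded or case-varied requests for the same file still match.
        path = unquote(urlsplit(m["path"]).path).lower()
        if path.rsplit("/", 1)[-1] == TARGET:
            hits[m["ip"]].append((m["ts"], m["path"], int(m["status"])))
    return dict(hits)

def exposed(hits):
    """Clients that received a 2xx response, i.e. the config was served."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, _, status in reqs))

if __name__ == "__main__":
    found = find_config_reads(SAMPLE_LOG)
    for ip in exposed(found):
        print(f"config served to {ip}: {len(found[ip])} request(s)")
```

Any client returned by `exposed()` should be treated as having read the stored user information, so those credentials need rotating; a 403 or 404 for the same path shows the file is already blocked or moved out of the web-served directory.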
