Security FCKeditor ADS File Upload Vulnerability

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donat-o-Meter Stats
December´s Goal:	$300.00
Due Date:	Dec 31
Net Balance:	$0.00
Left to go:	$300.00

Donations

Please Link To Me!

Services Available

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or PhpNuke?

Need help customizing or designing scripts?

Please contact me via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Verse of the Day

FCKeditor ADS File Upload Vulnerability - Windows Only

SECUNIA ADVISORY ID: SA25719

VERIFY ADVISORY: http://secunia.com/advisories/25719/

CRITICAL: Moderately critical

IMPACT: Security Bypass

WHERE: >From remote

SOFTWARE: FCKeditor 2.x - http://secunia.com/product/7973/

DESCRIPTION: A vulnerability has been discovered in FCKeditor, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the file upload functionality. This can be exploited to bypass the file extension filter and upload files with arbitrary extensions by using the NTFS Alternate Data Stream (ADS) as the filename, e.g. "file.php::$DATA". Successful exploitation requires that an NTFS file system is used and that file uploads have been enabled in the "config.php" configuration file (not enabled by default). The vulnerability is confirmed in version 2.4.3 using the PHP file uploader.

SOLUTION: Disable file uploads in config.php. Grant only trusted user access to the application.

PROVIDED AND/OR DISCOVERED BY: Michael Schramm

ORIGINAL ADVISORY: http://ha.ckers.org/blog/20070606/additional-image-bypass-on-windows/

Posted on Monday, June 18, 2007 @ 15:38:59 EDT by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

Re: FCKeditor ADS File Upload Vulnerability - Windows Only (Score: 1)
by kguske on Tuesday, June 19, 2007 @ 08:03:50 EDT
Not registered user

Although this was tested in version 2.4.3 (released 6/14/2007) , it shouldn't affect RavenNuke users using nukeWYSIWYG (currently using version 2.3.2) as uploads are only allowed for admins.

On the subject of 2.4.3, there are a few (literally 3) enhancements and a slew of fixes in this version. We hope to evaluate this version (or a corrected version to address this reported vulnerability) soon.

Re: FCKeditor ADS File Upload Vulnerability - Windows Only (Score: 1)
by redhairz on Tuesday, June 26, 2007 @ 16:40:15 EDT
Not registered user

hi kguske sorry to trouble you, can you check for me? cos i am using rn with the 2.2 that comes in the Experimental folder of the rnnuke is that safe?

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2008 by Raven
Proud to be listed at Lobo Links Web Directory

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Recoded To 100% W3C CSS & HTML 4.01 Transitional Compliance by Raven and 64bitguy ::
::