--- RunCMS <= 1.3a2 remote code execution ------------------------------------ software: site: http://www.runcms.org/public/modules/news/ description: "RUNCMS (E-Xoops) is a extensible content management system based on the v1 core of Xoops" ------------------------------------------------------------------------------ vulnerability: a user can upload a .php3 or .php5 file through the integrated FCKEditor package (calling directly the connector.php script) and execute arbitrary code & operating system commands on target machine proof of concept exploit here: i) http://retrogod.altervista.org/runcms_13a_xpl.html (also this exploits a not documented arbitrary remote inclusion issue in runcms <=1.2) ii) http://retrogod.altervista.org/fckeditor_22_xpl.html (this a generic exploit for FCKEditor 2.0 <= 2.2) ------------------------------------------------------------------------------ rgod site: http://retrogod.altervista.org mail: rgod at autistici org ------------------------------------------------------------------------------
