[+] Title: LifeRay (Fckeditor) Arbitrary File Upload Vulnerability [+] Date: 2018/05/05 [+] Author: Mostafa Gharzi [+] Team: Maher - CertCC.ir [+] Vendor Homepage: www.liferay.com [+] Tested on: Windows 10 & Kali Linux [+] Versions: 6.2.X and Before [+] Vulnerable Parameter: Get Method [+] Vulnerable File: /browser/liferay/browser.html?Type= [+} Dork : inurl:/web/guest/ inurl:/html/js/editor/fckeditor/ ### Notes: LifeRay 6.2.X and Before allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored. ### POC: [+] http://site/html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html ### Credit: [+] CertCC.ir