[+] Title: LifeRay (Fckeditor) Arbitrary File Upload Vulnerability
[+] Date: 2018/05/05
[+] Author: Mostafa Gharzi
[+] Team: Maher - CertCC.ir
[+] Vendor Homepage: www.liferay.com
[+] Tested on: Windows 10 & Kali Linux
[+] Versions: 6.2.X and Before
[+] Vulnerable Parameter: Get Method
[+] Vulnerable File: /browser/liferay/browser.html?Type=
[+} Dork : inurl:/web/guest/
inurl:/html/js/editor/fckeditor/
### Notes:
LifeRay 6.2.X and Before allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement. It depends on what the application does with the uploaded file and especially where it is stored.
### POC:
[+] http://site/html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html
### Credit:
[+] CertCC.ir