Ardhas Technology (Fckeditor) Arbitrary File Upload Vulnerability

2015.12.17
Credit: Malw4r3
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*/ !*! Exploit Title : Ardhas Technology (Fckeditor) Arbitrary File Upload Vulnerability !*! Exploit Author : Malw4r3 !*! Vendor Homepage : http://www.ardhas.com/ !*! Date: 12/17/2015 !*! Tested On : Linux , Windows /*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*/ !*! exploit => config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! select => Select the "File Uploader"> php ... upload to : Uploaded File URL: !*! Demo(s) Site : !*! http://roiramallaXh.org/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! http://www.indeXmbassy.co.il//config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! https://www.hcXilondon.in/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! https://www.pminewyorXk.org/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! http://www.indianembXassy.at//config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! https://www.hcisingaXpore.gov.in/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! http://www.indembXassysuriname.com/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! http://www.cgimuXnich.com/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! http://www.indiaXnembassy.am/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! http://www.cgieXdinburgh.org/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! https://www.inXdianembassy.se/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! https://www.cXgifrankfurt.de/config/fckeditor/editor/filemanager/connectors/uploadtest.html !*! http://www.iXndianembassythimphu.bt/config/fckeditor/editor/filemanager/connectors/uploadtest.html /*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*/


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top