[+] Title: LifeRay File Upload (CKEditor Vulnerable) [+] Date: 2020-04-20 [+] Author: h4shur [+] team : Persian Security Group [+] Vendor Homepage: www.liferay.com [+] Software Link: www.liferay.com [+] Tested on: Windows 10 & Google Chrome [+] Version : All Versions [+] Category : Web Application Bugs [+] Vulnerable File: /browser.html [+} Dork : inurl:/ckeditor/editor/filemanager/ ### POC: [+] Exploit : site.com/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html ### Note: * If you are careful, in the exploit that friends find, it is in the folder (FCKeditor) and the exploit that I found is in the folder (CKeditor). This exploit has been tested in all versions of LifeRay and the file can be uploaded in all tested sites. * Exploits found by friends (note the folder "FCKeditor"): /html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html * Newly discovered exploits (see folder "CKeditor"): /html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html * LifeRay allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications. ### Demo: [+] http://assol-express.vetrf.ru/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html [+] https://vyvchay.com/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html [+] https://www.primar.org/html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html ### Special Thanks: * Po0ri4 & b4ckdo0r ### Contact Me : * Telegram : @h4shur * Email : h4shursec@gmail.com * Instagram : @netedit0r * twitter : @h4shur