filemanager File Upload vulnerability

2020.05.03
h4shur (AU)
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-434

[+] Title: filemanager File Upload vulnerability
[+] Date: 2020-05-02
[+] Author : h4shur
[+] Tested on: Windows 10 & Google Chrome
[+] Version : All Versions
[+] Category : Web Application Bugs
[+] Vulnerable File: index.html?CKEditor=
[+] Dorks:
    inurl:/ckeditor/filemanager/
    inurl:/ckeditor/filemanager/index.html?CKEditor=

### Note:

* In previous exploits that I or my friends had discovered, all vulnerabilities were first in the (html) folder, then in the (js) folder, and then in the (editor) folder. It should be noted, however, that this vulnerability does not exist in similar CMSs such as Liferay, and it does exist in other CMSs; sites affected by this vulnerability can be obtained by Google dork.

* Regarding this vulnerability, I have discovered several vulnerabilities in this CMS that can lead to file uploads through which the attacker can execute all his malicious code, which eventually leads to damage to the site and the server.

* If you look carefully, it's in the FCKeditor folder found by friends, and in the CKeditor folder I found. This exploitation has been tested in all versions of the CMS, and the file can be uploaded to all tested sites.

* Exploits found by friends (note the "FCKeditor" folder):
    /html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html

* Exploits found by me (see the "CKeditor" folder):
    /html/js/editor/ckeditor/editor/filemanager/browser/liferay/browser.html
    /html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html

* Newly discovered exploits (see the "CKeditor" folder; look for the "html", "js" and then "editor" folders and you'll see that they don't exist, and there isn't even a Liferay name):
    /ckeditor/filemanager/index.html?CKEditor=
    /ckeditor/filemanager/connectors/test.html
    /ckeditor/filemanager/connectors/uploadtest.html
    /ckeditor/filemanager/browser/default/browser.html

* This CMS allows the attacker to upload or transfer files of dangerous types that can be automatically processed in the product environment. Uploaded files pose significant risks to applications.

### POC:

[+] Exploit 1 : site.com/ckeditor/filemanager/index.html?CKEditor=
[+] Exploit 2 : site.com/ckeditor/filemanager/connectors/test.html
[+] Exploit 3 : site.com/ckeditor/filemanager/connectors/uploadtest.html
[+] Exploit 4 : site.com/ckeditor/filemanager/browser/default/browser.html

### Contact Me :

* Telegram : @h4shur
* Email : h4shursec@gmail.com
* Instagram : @netedit0r
* twitter : @h4shur
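
An added detection example, not part of the original advisory: a Python scan of web server access logs for requests to the file manager pages listed above, marking the ones the server actually served. The log lines are constructed samples in combined log format, and `WATCHED`, `normalize` and `scan` are names chosen for this example.

```python
import re
from urllib.parse import unquote

# Path suffixes taken from the advisory above; compared after lowercasing.
WATCHED = (
    "/ckeditor/filemanager/index.html",
    "/ckeditor/filemanager/connectors/test.html",
    "/ckeditor/filemanager/connectors/uploadtest.html",
    "/ckeditor/filemanager/browser/default/browser.html",
    "/ckeditor/editor/filemanager/browser/liferay/browser.html",
    "/fckeditor/editor/filemanager/browser/liferay/browser.html",
    "/fckeditor/editor/filemanager/browser/default/browser.html",
)

# Combined log format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Drop the query string, decode %-escapes, collapse '//' and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def scan(lines):
    """Return (ip, time, method, path, status, served) for each watched request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip instead of guessing
        ip, when, method, target, status = m.groups()
        path = normalize(target)
        if path.endswith(WATCHED):
            # A 2xx status means the page exists on this host and was returned.
            hits.append((ip, when, method, path, int(status), status.startswith("2")))
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [03/May/2020:10:01:02 +0000] "GET /ckeditor/filemanager/index.html?CKEditor=editor1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/May/2020:10:01:05 +0000] "GET /CKEditor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 312',
    '198.51.100.23 - - [03/May/2020:10:02:11 +0000] "GET /html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html HTTP/1.1" 200 2048',
    '198.51.100.23 - - [03/May/2020:10:02:15 +0000] "GET //ckeditor/filemanager/connectors/%74est.html HTTP/1.1" 200 900',
    '192.0.2.10 - - [03/May/2020:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit with `served` set to true identifies a host where the file manager page is still reachable and should be removed or placed behind authentication.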

