Sunday, 19 January 2014

CMS HTMLEDITOR : FCKeditor - File Upload Vulnerability




Finding Vulnerable Target

Dork : inurl:"/HTMLEditor/editor/filemanager/connectors/"

1- Copy and paste the dork on Google and choose any site

2- Once you have click the site, this will comes up on your screen,




Exploiting Target


1- Click whether on test.html or uploadtest.html and you will get the upload form. Change the asp to php




2- File type that allowed to be uploaded is .jpg or .txt . Maybe there is a chance to upload your deface script.html using tamper data.

3- Choose your file to upload, and then click Send it to server

4- The uploaded file URL will be shown in the column


5- Copy that path and paste in the url and you will see your file.

Example:

http://thymeoncavill.com.au/CMS/HTMLEditor/editor/filemanager/connectors/uploadtest.html

to

http://thymeoncavill.com.au//CMS//files/wew.txt


That's all my tutorial :D hope you enjoy it :)