CMS HTMLEDITOR : FCKeditor - File Upload Vulnerability
Finding Vulnerable Target
Dork : inurl:"/HTMLEditor/editor/filemanager/connectors/"
1- Copy and paste the dork into Google and choose any site
2- Once you have clicked the site, this will come up on your screen:
Exploiting Target
3- Choose your file to upload, and then click Send it to server
4- The uploaded file URL will be shown in the column
5- Copy that path and paste it into the URL bar, and you will see your file.
Example:
http://thymeoncavill.com.au/CMS/HTMLEditor/editor/filemanager/connectors/uploadtest.html
to
http://thymeoncavill.com.au//CMS//files/wew.txt
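For site owners, the sequence above leaves a recognisable trail in the web server access log: a request to the connectors directory, a POST to a connector, then a fetch from the upload directory by the same client. The following is an added example, not part of the original tutorial; it assumes Combined Log Format and an upload directory of "/files/" (as in the example URL above), and the log lines are constructed.

```python
import re
from collections import defaultdict

# Directory fragment from the dork on this page (FCKeditor file manager connectors).
CONNECTOR_RE = re.compile(r"/editor/filemanager/connectors/", re.IGNORECASE)
# Combined Log Format fields: client, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample access log (documentation IP ranges, made-up file names).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /CMS/HTMLEditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "POST /CMS/HTMLEditor/editor/filemanager/connectors/php/upload.php HTTP/1.1" 200 310
198.51.100.7 - - [10/Mar/2024:10:00:15 +0000] "GET //CMS//files/note.txt HTTP/1.1" 200 12
192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "GET /CMS/index.php HTTP/1.1" 200 8000
192.0.2.44 - - [10/Mar/2024:10:02:05 +0000] "GET /CMS/files/brochure.pdf HTTP/1.1" 200 90211
203.0.113.9 - - [10/Mar/2024:10:03:00 +0000] "GET /cms/htmleditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 200
"""

def find_upload_activity(log_text, upload_dir="/files/"):
    """Group connector probes, uploads and follow-up fetches by client."""
    report = defaultdict(lambda: {"probes": [], "uploads": [], "fetched": []})
    uploaded = set()  # clients that completed a POST to a connector
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        client, _ts, method, raw_path, status = m.groups()
        # Drop the query string and collapse "//" so "//CMS//files/x" still matches.
        path = re.sub(r"/{2,}", "/", raw_path.split("?", 1)[0])
        ok = status.startswith("2")
        if CONNECTOR_RE.search(path):
            if method == "POST" and ok:
                report[client]["uploads"].append(path)
                uploaded.add(client)
            else:
                report[client]["probes"].append((path, int(status)))
        elif ok and client in uploaded and upload_dir in path:
            # Same client reads from the upload directory after uploading.
            report[client]["fetched"].append(path)
    return dict(report)

def exposed_connectors(report):
    """Connector paths that answered 2xx to anyone, i.e. are publicly reachable."""
    hits = {p for r in report.values() for p, s in r["probes"] if 200 <= s < 300}
    hits |= {p for r in report.values() for p in r["uploads"]}
    return sorted(hits)
```

Any path returned by exposed_connectors is a file to remove or put behind authentication; a client with both "uploads" and "fetched" entries is one whose uploaded files should be reviewed.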
That's all for my tutorial :D Hope you enjoy it :)