File Path Traversal (RFI) in fckeditor plugin

FCKeditor is a lightweight text editor to be used in web pages and upload file too.

let’s start

1-using this dork inurl /editor/filemanager/connectors/test.html

2-you must know which programming languages ​​was the site programmed?

then choose programming languages from Connector:

and web server too

for example website in poc that i will attach it using ASP.Net

then click on Get Folders and Files

3-you can put partition name if website host in windows server

https://target.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=C:/ >>>>>>(windows server)

note:-

c:/inetpub/wwwroot/target/web.config = https://target.com/web.config

if you use this payload

?Command=GetFoldersAndFiles&Type=File&CurrentFolder=c:/inetpub/wwwroot/target/

folders and file you will see is website folders and files

so if you find c:/inetpub/wwwroot/target/admin/xxx/1.bak

go to htpps://target.com/admin/xxx/1.bak to download it

note web.config file may be not download :)

in other web server

https://target.com/FCKeditor/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=xxx

you can use this payload

connectors/xxxx/connector.xxxx?command=

xxxx is programming languages which the site programmed

impact:-

File path traversal vulnerability allows an attacker to retrieve files from the local server.

poc:-

not forget to share this write up with your friends and follow me

htttps://facebook.com/ahmed.othman.21

Security Researcher | Bug Bounty Hunter