File Path Traversal (RFI) in FCKeditor plugin
FCKeditor is a lightweight text editor for use in web pages; it can also upload files.
Let's start.
1- Use this dork: inurl /editor/filemanager/connectors/test.html
2- You must know which programming language the site was written in,
then choose that language from "Connector:",
and the web server too.
For example, the website in the PoC that I will attach uses ASP.Net.
Then click on Get Folders and Files.
3- If the website is hosted on a Windows server, you can put a partition name in CurrentFolder:
https://target.com/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=C:/ (Windows server)
note:-
The file c:/inetpub/wwwroot/target/web.config on disk corresponds to https://target.com/web.config
If you use this payload:
?Command=GetFoldersAndFiles&Type=File&CurrentFolder=c:/inetpub/wwwroot/target/
the folders and files you will see are the website's folders and files.
So if you find c:/inetpub/wwwroot/target/admin/xxx/1.bak
go to https://target.com/admin/xxx/1.bak to download it.
Note: the web.config file may not download :)
On other web servers
you can use this payload:
connectors/xxxx/connector.xxxx?command=
where xxxx is the programming language the site was written in.
impact:-
File path traversal vulnerability allows an attacker to retrieve files from the local server.
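Added example (not part of the original write-up): a Python check that scans web access log lines for connector requests whose CurrentFolder leaves the editor's upload root. It covers the drive-letter case described above and generalizes to UNC-style and ".." values; the log format, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Connector path shape taken from the page: .../connectors/<lang>/connector.<ext>
CONNECTOR_RE = re.compile(r"/editor/filemanager/connectors/[^/]+/connector\.\w+$", re.I)
DRIVE_RE = re.compile(r"^[A-Za-z]:")  # C:/, d:\ ...
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_folder(value):
    """Return a reason if a CurrentFolder value points outside the upload root, else None."""
    for _ in range(3):  # bounded re-decoding so double-encoded values are normalised
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    norm = value.replace("\\", "/")
    if DRIVE_RE.match(norm):
        return "drive-letter path"
    if norm.startswith("//"):
        return "UNC-style path"
    if ".." in norm.split("/"):
        return "parent-directory segment"
    return None

def scan(lines):
    """Return (line_number, reason, CurrentFolder) for each flagged connector request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not CONNECTOR_RE.search(url.path):
            continue
        # Parameter names compared case-insensitively ("Command" / "command" both appear).
        params = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        for folder in params.get("currentfolder", []):
            reason = suspicious_folder(folder)
            if reason:
                hits.append((n, reason, folder))
    return hits

# Constructed sample log lines (assumed common-log style, not real traffic).
_Q = "/FCKeditor/editor/filemanager/connectors/aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder="
_URLS = [_Q + "/", _Q + "C:/", _Q + "c%3A%2Finetpub%2Fwwwroot%2Ftarget%2F",
         _Q + "/docs/..%252F..%252F", "/index.html"]
SAMPLE_LOG = [f'203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET {u} HTTP/1.1" 200 512'
              for u in _URLS]
```

Running scan(SAMPLE_LOG) flags lines 2 to 4 and leaves the normal "/" listing and the unrelated request alone. The same suspicious_folder logic can serve as a server-side reject rule in front of the connector.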
poc:-
Don't forget to share this write-up with your friends and follow me:
https://facebook.com/ahmed.othman.21