Time to alert “Sparkasse Bank Macedonia” before someone hack them..
Again the same vulnerable CMS in one of the EUROPE’S famous bank in Macedonia. I published the FCKEDITOR hack before one and a half years a go. And like I see that there is no any positive wish to fix this RISK that is coming with the FCKEDITOR. Unfortunately a famous bank is also using this EDITOR for their web site SPARKASSE.COM.MK of Republic of Macedonia which have the exploitable version of FCKEDITOR.
The POC the proof of concept is very simple:
site:MK inurl:WEBARCHITECT and you will see the address http://www.sparkasse.com.mk/
and the second step is just to paste the code:
This will activate the Directory Traversal Attack
The result of this attack is full ROOT HACK with UPLOADER to the Read/Write enabled folders, where attacker can upload a shell and to take over the whole server. So like we can see this hack is very easy and can be conducted from any attacker which have a general knowledge form hacking techniques.
The remediation for this attack is to update the exploitable FCKEDITOR version to new one or to change the FCKEDITOR folders permission.
Senior Security Specialist