https://pwnwiki.com/index.php?action=history&feed=atom&title=CKEditor_3_SSRF%E6%BC%8F%E6%B4%9ECKEditor 3 SSRF漏洞 - Revision history2026-04-07T08:50:51ZRevision history for this page on the wikiMediaWiki 1.35.1https://pwnwiki.com/index.php?title=CKEditor_3_SSRF%E6%BC%8F%E6%B4%9E&diff=5203&oldid=prevPwnwiki: Created page with "<pre> # Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF) # Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html # Date: 12-6-2021 # Exploit Author..."2021-06-17T00:43:39Z<p>Created page with "<pre> # Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF) # Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html # Date: 12-6-2021 # Exploit Author..."</p>
<p><b>New page</b></p><div><pre><br />
# Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF)<br />
# Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html<br />
# Date: 12-6-2021<br />
# Exploit Author: Blackangel<br />
# Software Link: https://ckeditor.com/<br />
# Version:all version under 4 (1,2,3)<br />
# Tested on: windows 7<br />
<br />
Steps of Exploit:-<br />
<br />
1-using google dorks<br />
<br />
inurl /editor/filemanager/connectors/uploadtest.html<br />
<br />
2-after going to vulnerable page you will find filed “Custom Uploader URL: ”<br />
<br />
3-right click then choose inspect element, click on pick an element from<br />
the page , select field Custom Uploader URL:<br />
<br />
4-in elements “<input id=”txtCustomUrl” style=”WIDTH: 100%;<br />
BACKGROUND-COLOR: #dcdcdc” disabled=”” type=”text”>”<br />
<br />
delete disabled=””<br />
<br />
5-now you can put url start with any protocal<br />
<br />
6-send it to the server as you see website that you have entered link<br />
<br />
is appear into page .<br />
<br />
what this mean??!!1<br />
<br />
you send request to server using vulnerable website<br />
<br />
you can said i used it as proxy<br />
<br />
hackers >>> vulnerable website >>> http:/xx.com<br />
<br />
so in http://xx.com logs requests come from vulnerable website<br />
<br />
impact:-<br />
<br />
1-that allows an attacker to induce the server-side application to make<br />
HTTP requests to an arbitrary domain of the attacker’s choosing. if there<br />
is big company use old version hackers can send request via there websites<br />
and this not good for reputation of company<br />
<br />
2-put big company website in blacklist of websites cause i hackers can send<br />
many of request via vulnerable website<br />
<br />
Mitigation:-<br />
<br />
Remove the uploadtest.html file as it is not used by the application.<br />
</pre></div>Pwnwiki