How do you do
Bro, I have a problem while using the editor today
Seems some application can crack to fckeditor and do code injection to all js
files in fckeditor
I found code injection like this
How's great Cracker today
Do you guys have the way to prevent it?
My application is CMS application. so this not possible only give read permission to site folder, because our cms application can upload data and create data file.
Previously, this cracker upload some script file in asp format to image data
I've prevented it by rename the folder fckeditor to edsuite and do session validation in /edsuite/editor/filemanager/connectors/aspx/connector.aspx
But the last I get the cracker have found the way to do code injection to
all js file in fckeditor
Need advice from the expert how to solve this problem.
How to prevent Code injection in js file?