Title: File upload vulnerability in Kindeditor <= 4.1.12 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2017-06-14 |
CVE-ID: CVE-2017-1002024 |
CWE: |
Download Site: http://kindeditor.org/ https://github.com/kindsoft/kindeditor/ |
Vendor: KindSoft |
Vendor Notified: 2017-06-15 |
Vendor Contact: |
Advisory: http://www.vapidlabs.com/advisory.php?v=195 |
Description: KindEditor is a lightweight, open source (LGPL), cross-browser, web-based WYSIWYG HTML editor. KindEditor has the ability to convert standard text areas to rich text editing. |
Vulnerability: It appears there is a remote file upload vulnerability in KindEditor <= 4.1.12, specifically in kindeditor/php/upload_json.php. The script doesn't sanitize user input or check that a user should be uploading files to the system. It appears it doesn't allow .php, .phtml, .shtml or other executable extensions. You can upload an .html file and request it, as it is uploaded to the web server path, but there is no server-side code execution.
|
Exploit Code:
|
Screen Shots: |
Notes: |
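
For the behaviour described in the Vulnerability field (uploads accepted without an authorization check, and .html files served back from the web server path), the following added example, which is not part of the original advisory or of KindEditor, triages a web access log for successful POSTs to upload_json.php and for HTML files served from the upload directory. The `/attached/` directory, the `.htm` extension and the sample log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample access-log lines (combined log format), not real traffic.
# The /kindeditor/attached/ directory is an assumed upload location.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jun/2017:10:01:02 +0000] "POST /kindeditor/php/upload_json.php HTTP/1.1" 200 98 "-" "curl/7.50"
198.51.100.9 - - [14/Jun/2017:10:05:40 +0000] "GET /kindeditor/attached/file/20170614/page.HTML?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Jun/2017:10:05:41 +0000] "GET /kindeditor/attached/image/20170614/a.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.4 - - [14/Jun/2017:10:06:00 +0000] "GET /kindeditor/php/upload_json.php HTTP/1.1" 200 40 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jun/2017:10:07:00 +0000] "POST /kindeditor/php/upload_json.php HTTP/1.1" 403 12 "-" "curl/7.50"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_ENDPOINT = "/php/upload_json.php"  # script named in the advisory
UPLOAD_DIR = "/attached/"                 # assumption: adjust to your deployment
BROWSER_ACTIVE = (".html", ".htm")        # .html per the advisory; .htm is an assumption


def triage(log_text, upload_dir=UPLOAD_DIR):
    """Return (uploads, served): successful POSTs to the upload script and
    successful GETs of HTML files from the upload directory."""
    uploads, served = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["target"].split("?", 1)[0]  # drop any query string
        lowered = path.lower()               # match extensions case-insensitively
        ok = 200 <= int(m["status"]) < 300
        if m["method"] == "POST" and lowered.endswith(UPLOAD_ENDPOINT) and ok:
            uploads.append((m["ip"], m["ts"]))
        elif (m["method"] == "GET" and upload_dir in lowered
              and lowered.endswith(BROWSER_ACTIVE) and ok):
            served.append((m["ip"], path))
    return uploads, served


if __name__ == "__main__":
    uploads, served = triage(SAMPLE_LOG)
    for ip, ts in uploads:
        print(f"upload accepted from {ip} at {ts}")
    for ip, path in served:
        print(f"uploaded HTML served to {ip}: {path}")
```

Hits in `uploads` from clients that should not be able to upload, or any hit in `served`, are worth reviewing alongside the files actually present in the upload directory.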