This article walks through three KindEditor issues: a stored-content problem in which edited HTML gets executed, an upload parsing vulnerability, and a directory listing vulnerability, plus the upload-and-rename trick that yields a shell. Readers who need it can pick it up quickly.
Kindeditor vulnerability: editing code content is executed
KindEditor vulnerability description: adding content through KindEditor and saving it to the database is not a problem in itself: the HTML in the content is stored in escaped (entity) form, so it is not executed. For example, a link tag wrapped around the words "web programming" is still shown as code after the first save. The problem appears when the record is fetched from the database and loaded back into KindEditor for modification. At that point the line of HTML is executed, and the result is that "web programming" turns into a hyperlink.
Solution: see the screenshot below (it shows the backend code file of this website).
In the content fetched from the database I replaced every "&" with the entity "&amp;". After that the previously inserted code can be fetched and modified again, and it displays normally.
Note: the change shown in the screenshot is written in PHP; the idea is the same for other server-side scripting languages and can be ported directly.
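The round trip described above, as an added example that is not part of the original article or of KindEditor's own code. It is written in Python rather than the author's PHP purely to show the mechanism: the database value is assumed to be the entity-escaped form of a link, the browser's handling of a textarea is approximated by a single pass of entity decoding, and the fix is exactly the "&" to "&amp;" replacement the author describes.

```python
import html

# Constructed sample of what the CMS holds after the first save: the markup
# is stored entity-escaped, which is why it renders as literal code.
STORED = '&lt;a href=&quot;http://example.test/&quot;&gt;web programming&lt;/a&gt;'


def textarea_body_naive(stored: str) -> str:
    """Echo the database value straight into the editor's <textarea>."""
    return stored


def textarea_body_fixed(stored: str) -> str:
    """The fix described above: turn every '&' into '&amp;' before the value
    reaches the editor, so the browser's one round of decoding gives back the
    original '&lt;' text instead of a live '<'.  html.escape(stored, quote=False)
    does the same and additionally covers raw '<' and '>' if the database can
    ever contain unescaped markup."""
    return stored.replace("&", "&amp;")


def browser_decode(textarea_html: str) -> str:
    """Approximates what the browser does with the textarea body before
    KindEditor reads it: character references are decoded exactly once."""
    return html.unescape(textarea_html)


def editor_gets_live_markup(textarea_html: str) -> bool:
    """True when the editor would receive real tags (and render the link)."""
    content = browser_decode(textarea_html)
    return "<" in content or ">" in content


if __name__ == "__main__":
    print("naive:", browser_decode(textarea_body_naive(STORED)))
    print("fixed:", browser_decode(textarea_body_fixed(STORED)))
```

The naive path hands the editor a real anchor tag, which is the hyperlink the author saw; the fixed path hands it the same escaped text that was stored, so it is displayed as code again.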
KindEditor upload parsing vulnerability
Affected versions: KindEditor <= 3.2.1 (the latest version as of August 2009)
Exploit: combine it with the Windows 2003 IIS 6 file-name parsing flaw (a name such as shell.asp;.jpg is executed as ASP, so an upload that only checks for an image extension is enough) to get a webshell.
KindEditor list directory vulnerability
Tested versions: KindEditor 3.4.2, KindEditor 3.5.5
1. http://netknight.in/67cms/kindeditor/php/file_manager_json.php?path=/
   // With path=/ the response discloses the absolute path D:\AppServ\www\67cms\kindeditor\php\file_manager_json.php
2. http://netknight.in/67cms/kindeditor/php/file_manager_json.php?path=AppServ/www/67cms/
   // Using the disclosed absolute path, set the path value to AppServ/www/67cms/
3. All files and file names under D:\AppServ\www\67cms\ are now listed.
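A hardened version of the path handling behind a listing endpoint like file_manager_json.php, as an added example that is not KindEditor's own code (its PHP backend defines its own root directory; the ATTACHED_ROOT value and the function names here are assumptions). It shows the two properties the steps above exploit: the client-supplied path must be forced under the attachment root, and a refusal must never echo the resolved path.

```python
import posixpath
from typing import Optional

# Assumed attachment root of the deployment; only a stand-in for the example.
ATTACHED_ROOT = "/var/www/67cms/kindeditor/attached"


def resolve_listing_path(requested: str, root: str = ATTACHED_ROOT) -> Optional[str]:
    """Map the client-supplied 'path' query parameter onto a directory that is
    guaranteed to sit inside root.  Returns the directory to list, or None if
    the request must be refused.  Deliberately lexical: it does not touch the
    disk, so a caller should still run os.path.realpath() on the result and
    repeat the containment check if root may contain symlinks."""
    rel = requested.replace("\\", "/")          # treat Windows separators alike
    if "\0" in rel or ":" in rel or rel.startswith("/"):
        # Absolute paths, drive letters and NUL bytes are never legitimate here;
        # refusing them is also what keeps the path=/ probe away from the disk.
        return None
    norm = posixpath.normpath(rel)              # collapses 'a/../b'; '' -> '.'
    if norm == ".." or norm.startswith("../"):
        return None
    full = posixpath.normpath(posixpath.join(root, norm))
    # Defence in depth: after joining, the result must still be root or below.
    if posixpath.commonpath([root, full]) != root:
        return None
    return full


def listing_error() -> dict:
    """Error body to return on refusal.  It must not echo the resolved path:
    the absolute-path disclosure in step 1 above is what made step 2 possible."""
    return {"error": 1, "message": "invalid path"}


if __name__ == "__main__":
    for probe in ("/", "AppServ/www/67cms/", "../../php/", "image/"):
        print(repr(probe), "->", resolve_listing_path(probe) or listing_error())
```

With this in place the first probe is refused outright, and the second no longer lands on D:\AppServ\www\67cms\ but on a non-existent subdirectory of the attachment root.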
Upload-and-rename vulnerability (getting a shell)
Affected versions:
KindEditor 3.5.2~4.1
Exploit:
1. Open the editor, rename the one-line webshell (the "one-sentence trojan") to 1.jpg and upload it as an image.
2. Open the file manager, enter the "down" directory and jump to the last page; the last image is the 1.jpg we just uploaded.
3. Click "rename".
4. Open Inspect Element in Google Chrome and find the rename form.
5. In the form, change "jpg" to "asp".
6. Change the name to 1 and save; the file is now stored as 1.asp.
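Server-side handling that closes both the rename trick above and the IIS parsing route mentioned under the upload parsing vulnerability, as an added example that is not KindEditor's own code (the allow-list, the base-name pattern and the function names are assumptions). The key point is that a rename never takes the extension from the client: it is read from the file already on disk, and the result is validated exactly like a fresh upload.

```python
import re
from typing import Optional

ALLOWED_IMAGE_EXT = {"jpg", "jpeg", "png", "gif", "bmp"}
_BASE_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_stored_name(name: str) -> Optional[str]:
    """Canonical form of a file name that may live in the upload directory, or
    None.  Exactly one extension, from the image allow-list; no separators,
    NUL, ';', '%' or ':'.  Refusing ';' and '/' inside the name closes the IIS 6
    parsing tricks (shell.asp;.jpg, x.asp/y.jpg); refusing a second dot closes
    shell.php.jpg on Apache hosts that map every suffix."""
    name = name.strip()
    if any(ch in name for ch in "/\\\0;%:"):
        return None
    parts = name.split(".")
    if len(parts) != 2:
        return None
    base, ext = parts[0], parts[1].lower()
    if not _BASE_RE.fullmatch(base) or ext not in ALLOWED_IMAGE_EXT:
        return None
    return f"{base}.{ext}"


def apply_rename(current_stored: str, requested_name: str) -> Optional[str]:
    """Server-side rename.  The extension comes from the file that is already
    on disk, never from the client, so editing the form's 'jpg' field to 'asp'
    in the browser has no effect; only the base name is honoured."""
    current = validate_stored_name(current_stored)
    if current is None:
        return None
    ext = current.rsplit(".", 1)[1]
    # Whatever the client sent ('1', '1.asp', '1.asp;.jpg'), keep only the
    # part before the first dot and validate it like the original upload.
    base = requested_name.strip().split(".", 1)[0]
    if not _BASE_RE.fullmatch(base):
        return None
    return validate_stored_name(f"{base}.{ext}")


if __name__ == "__main__":
    for wanted in ("1", "1.asp", "1.asp;.jpg", "../1"):
        print(repr(wanted), "->", apply_rename("20091201123456.jpg", wanted))
```

Step 5 above sends "asp" as the extension and step 6 sends "1" as the name; with this logic the stored file stays 1.jpg whatever the tampered form contains, and a file that somehow already carries a script extension cannot be renamed at all.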