kindeditor<=4.1.5文件上传漏洞

Basic Fields

SSV ID:
SSV-89546
Find Time:
2013-03-11
Submit Time:
2015-09-25
Level:
Category:
文件上传
Component:
KindEditor
(<=4.1.5)
Author:
Unknown
Submitter:
shanji
CVE-ID:
Add
CNNVD-ID:
Add
CNVD-ID:
Add
ZoomEye Dork:
Add

Source

Detail

Contributor shanji Got  15.8KB
Loading icon
lightning1141 RickGray Data @mb1Dex Hatred do9gy 尧之 huakai etc 125  exchange

PoC (pocsuite 插件) (pocsuite 插件)

Contributor tester1111 totally have   44.45KB
Login to exchange

tester1111 hhxx HHMA fasfj etc 12 Exchange

Reference Linking

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

Popularity 39578
Need to bind phone before comment. Bind Now

All Comments (5)

  • 天天扫鸡
    该如何拿shell呢.
    5F
  • 天天扫鸡
    KindEditor 4.1.4没利用成功.求大佬解惑
    • wechat_Wei额
      只是用作推广用,利用上传成功txt和html,蜘蛛池爬取html!
    4F
  • 95zz
    packetstormsecurity不是有吗?这么多人兑换...
    3F
  • kindeditor 3.5.5的JS用此页面无选择文件按钮
    2F
  • 用这个的其实很少
    1F

※Any content provided by this site, only to learn the code and services, not for illegal purposes