KindEditor vulnerability: edited code content is executed
Vulnerability description: When code edited in KindEditor is saved to the database there is no problem; HTML code such as <a href="#">web programming</a> is not executed at the time of the first edit. The problem arises when the content is taken out of the database and put back into KindEditor: the line of HTML code is executed, and as a result "web programming" becomes a hyperlink.
Solution: First look at the picture below
This picture shows the site's back-end code file. In the content taken out of the database, I replace each "&" with the entity "&amp;". After that, the code you inserted earlier is displayed normally when you edit it again.
Special note: I modified the code in the picture above in PHP. The idea is the same in other server-side scripting languages: do the same replacement.
KindEditor upload parsing vulnerability
Affected versions: KindEditor <= 3.2.1 (the latest edition, released in August 09)
Exploit: uses the Windows 2003 IIS parsing vulnerability to obtain a webshell
KindEditor directory listing vulnerability
Beta version: KindEditor 3.4.2, KindEditor 3.5.5
1. http://netknight.in/67cms/kindeditor/php/file_manager_json.php?path=/
   // With path=/, the response discloses the absolute path d:\appserv\www\67cms\kindeditor\php\file_manager_json.php
2. http://netknight.in/67cms/kindeditor/php/file_manager_json.php?path=appserv/www/67cms/
   // Based on the disclosed absolute path, the value of path is changed to appserv/www/67cms/
   This lists all the files and file names under d:/appserv/www/67cms/.
Upload-and-rename webshell vulnerability
Affected versions:
KindEditor 3.5.2~4.1
Exploit:
Open the editor, rename a one-line script to 1.jpg and upload it as a picture.
Open file management, go to the "down" directory and jump to the end; the last picture is the one-line script we uploaded.
Click Rename.
Open Inspect Element in the Google Chrome browser.
Locate the form element.
Change "JPG" to "ASP".
Change the name to 1 and save.
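Both the directory listing issue and the rename issue above come from the server trusting values sent by the client (the path parameter and the extension field of the rename form). The following PHP sketch of the server-side checks is an added example, not KindEditor's own code; the function names, ALLOWED_EXT and the temporary upload root are assumptions made for the demonstration.

```php
<?php
// Added example, not KindEditor's code. Function names, ALLOWED_EXT and the
// temporary upload root are assumptions made for this demonstration.
const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png', 'bmp'];

// Map the client-supplied "path" parameter to a directory inside $root, or null.
function resolve_listing_dir(string $root, string $userPath): ?string
{
    $rootReal = realpath($root);
    // realpath() resolves "..", repeated slashes and symlinks before we compare.
    $target = $rootReal === false ? false : realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = $target === $rootReal || strncmp($target, $prefix, strlen($prefix)) === 0;
    return $inside ? $target : null;
}

// Build the file name for a rename: the extension is taken from the stored file,
// never from the form, and the base name may not contain dots, slashes or semicolons.
function renamed_file_name(string $storedName, string $requestedBase): ?string
{
    $ext = strtolower(pathinfo($storedName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requestedBase) !== 1) {
        return null;
    }
    return $requestedBase . '.' . $ext;
}

// Constructed demo data: a throwaway upload root with one sub-directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'image', 0700, true);

var_dump(resolve_listing_dir($root, 'image/') !== null);    // directory inside the root
var_dump(resolve_listing_dir($root, '../../'));             // resolves outside the root
var_dump(resolve_listing_dir($root, 'appserv/www/67cms/')); // does not exist under the root
var_dump(renamed_file_name('1.jpg', '1'));                  // extension comes from the stored name
var_dump(renamed_file_name('1.jpg', '1.asp'));              // dot in the base name

rmdir($root . DIRECTORY_SEPARATOR . 'image');
rmdir($root);
```

With these checks a path value can only ever select a directory below the upload root, and a rename cannot change a stored image's extension whatever the form submits.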