Mango Cloud KODExplorer stored XSS (1)
On the contrary, with the actually downloaded program, the default configuration on your own server is writable.
This is the default configuration of the downloaded version; the official website demo does not use the default configuration.
If you don't believe it, download it and test: http://pan.baidu.com/s/1eQd4I9W#dir/path=%2Fkodexplorer.
The earlier links to the official website were only meant to let the review team take a look; this is something that can be done.
The public directory on the official website has been deliberately set to non-writable; that is not the program's default configuration.
For the sake of server security, the official website demo prohibits writing to and renaming in the public directory.
However, that is not kod's default configuration: by default, the default user group has permission to upload files to the public directory.
One last thing:
Although my skills are limited and I can't compare with others, I will never stoop to submitting anything fake.
The default user group can upload files to the public directory; special characters in the file name are blocked on the client side, but malicious code can be inserted by modifying the request packet.
Attached: a test I set up myself, the user group settings, and proof that the upload is possible:
Adding a user test in the default group:
This proves that the default group has permission to upload to the public directory:
When this directory is opened:
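As an added illustration (my own example code, not the reporter's and not KodExplorer's source): why a client-side filter on the file name is no defence, and what the server has to do instead. The multipart field names, the directory-listing renderer and the filename policy are assumptions for the demonstration; the payload is a constructed sample.

```python
"""
Illustration of the bug class in the report: the browser filters the
file name, but the server trusts whatever arrives in the request packet
and later echoes it into the directory listing unescaped.
Hypothetical code; not taken from KodExplorer.
"""
import html
import re

# --- 1. What the server actually receives ---------------------------------
# A JavaScript check can strip "<" and ">" from the file name before the
# upload, but an attacker who edits the request in a proxy sends the raw
# multipart body directly. Field name "file" and the boundary are assumed.

def build_multipart_upload(filename: str, content: bytes,
                           boundary: str = "----kodxss") -> bytes:
    """Return a raw multipart/form-data body carrying an arbitrary filename."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        f"Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    return head + content + f"\r\n--{boundary}--\r\n".encode()


def parse_uploaded_filename(body: bytes) -> str:
    """Minimal parser: take the filename the client claimed, unfiltered."""
    m = re.search(rb'filename="([^"]*)"', body)
    return m.group(1).decode() if m else ""


# --- 2. Rendering the public directory listing ----------------------------
def render_listing_vulnerable(names):
    """Concatenates names straight into HTML: a stored XSS sink.
    Whoever opens the public directory runs the attacker's script."""
    return "<ul>" + "".join(f"<li>{n}</li>" for n in names) + "</ul>"


def render_listing_hardened(names):
    """Escape at output time; the file name is data, never markup."""
    return "<ul>" + "".join(
        f"<li>{html.escape(n, quote=True)}</li>" for n in names) + "</ul>"


# --- 3. Server-side filename policy (assumed allow-list) ------------------
# Letters, digits, dot, underscore, space, brackets, hyphen and CJK names.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._ ()\-\u4e00-\u9fff]+$")


def accept_filename(name: str) -> bool:
    """Enforce on the server what the client-side filter only pretended to,
    and also reject the traversal names the allow-list would let through."""
    return bool(SAFE_NAME.match(name)) and name not in (".", "..")


PAYLOAD = "<svg onload=alert(1)>.txt"   # constructed sample payload

if __name__ == "__main__":
    body = parse_uploaded_filename(build_multipart_upload(PAYLOAD, b"hello"))
    print(render_listing_vulnerable([body]))   # markup survives: stored XSS
    print(render_listing_hardened([body]))     # inert text
    print(accept_filename(body), accept_filename("report.pdf"))
```

The point of the three parts together: the filter in the browser is a usability feature, not a security control, because the request packet is under the attacker's control; the fix belongs both at upload time (server-side allow-list) and at output time (escape the name wherever it is rendered), and the second is what turns this from "self-XSS" into something any other user of the public directory triggers.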
Solution:
Although it looks like self-XSS, it can actually be exploited.
If I can't get it to pass testing I don't submit it; every issue is reproduced on my own machine.
My skills may be poor, but I will never fake anything.