Backend DevelopmentPHP TutorialKindEditor upload parsing vulnerability/list directory/content vulnerability_PHP tutorial
This article will introduce to you the analysis of KindEditor upload parsing vulnerability/listing/content vulnerability. Friends in need can quickly make up for it.
Kindeditor vulnerability: editing code content is executed
Kindeditor vulnerability description: There is no problem when adding kindeditor editing code to the database, that is, some HTML codes will not be executed, for example: web programming, like this The code was not executed when first edited. However, a problem arises when it is taken out from the database and put into kindeditor for modification. This line of HTML code is executed, and the result is this: web programming becomes a hyperlink.
Solution: Take a look at the picture below
This picture is the backend code file of this website. I replaced the "&" in the content taken out from the database with the entity "&". Then you can retrieve and modify the previously inserted code, and it will display normally.
Special note: I used PHP language to modify the above picture. The idea of other server-side scripting languages is the same and can be replaced.
KindEditor upload parsing vulnerability
Affected versions:
Exploit: Use Windows 2003 IIS parsing vulnerability to get WEBSHELL
KindEditor list directory vulnerability
Test version: KindEditor 3.4.2 KindEditor 3.5.5
1.1.http://netknight.in/67cms/kindeditor/php/file_manager_json.php?path=/
2. //path=/, the absolute path D:AppServwww67cmskindeditorphpfile_manager_json.php
3. 2.http://netknight.in/67cms/kindeditor/php/file_manager_json.php?path=AppServ/www/67cms/
4. //According to the exposed absolute path, modify the path value to AppServ/www/67cms/
5. At this time, all files and file names under d:/AppServ/www/67cms/ will be traversed
Upload modifications to exploit shell vulnerabilities
Affected versions:
KindEditor 3.5.2~4.1
Exploit:
Open the editor, rename the sentence to 1.jpg and upload the image,
Open file management, enter the "down" directory, jump to the last page, the last picture is a sentence we uploaded
Click to change name
Click to change name
Open the inspect element in Google Chrome
Find the form
Modify "jpg" to "asp"
Change the name to 1 Save
如何在FastAPI中实现文件上传和处理Jul 28, 2023 pm 03:01 PM如何在FastAPI中实现文件上传和处理FastAPI是一个现代化的高性能Web框架,简单易用且功能强大,它提供了原生支持文件上传和处理的功能。在本文中,我们将学习如何在FastAPI框架中实现文件上传和处理的功能,并提供代码示例来说明具体的实现步骤。首先,我们需要导入需要的库和模块:fromfastapiimportFastAPI,UploadF
如何在QQ音乐上传歌词Feb 23, 2024 pm 11:45 PM随着数字化时代的到来,音乐平台成为人们获取音乐的主要途径之一。然而,有时候我们在听歌的时候,发现没有歌词是一件十分困扰的事情。很多人都希望在听歌的时候能够显示歌词,以便更好地理解歌曲的内容和情感。而QQ音乐作为国内最大的音乐平台之一,也为用户提供了上传歌词的功能,使得用户可以更好地享受音乐的同时,感受到歌曲的内涵。下面将介绍一下在QQ音乐上如何上传歌词。首先
酷狗上传自己的音乐的简单步骤Mar 25, 2024 pm 10:56 PM1、打开酷狗音乐,点击个人头像。2、点击右上角设置的图标。3、点击【上传音乐作品】。4、点击【上传作品】。5、选择歌曲,然后点击【下一步】。6、最后点击【上传】即可。
Win10电脑上传速度慢怎么解决Jul 01, 2023 am 11:25 AMWin10电脑上传速度慢怎么解决?我们在使用电脑的时候可能会觉得自己电脑上传文件的速度非常的慢,那么这是什么情况呢?其实这是因为电脑默认的上传速度为20%,所以才导致上传速度非常慢,很多小伙伴不知道怎么详细操作,小编下面整理了win11格式化c盘操作步骤,如果你感兴趣的话,跟着小编一起往下看看吧! Win10上传速度慢的解决方法 1、按下win+R调出运行,输入gpedit.msc,回车。 2、选择管理模板,点击网络--Qos数据包计划程序,双击限制可保留带宽。 3、选择已启用,将带
如何提升电脑上传速度Jan 15, 2024 pm 06:51 PM上传速度变得非常慢?相信这是很多朋友用电脑上传东西时候都会遇到的一个问题,在使用电脑传送文件的时候如果遇到网络不稳定,上传的速度就会很慢,那么应该怎么提高网络上传速度呢?下面,小编将电脑上传速度慢的处理方法告诉大家。说到网络速度,我们都知道打开网页的速度,下载速度,其实还有一个上传速度也非常关键,特别是一些用户经常需要上传文件到网盘的,那么上传速度快无疑会给你省下不少时间,那么上传速度慢怎么办?下面,小编给大伙带来了电脑上传速度慢的处理图文。电脑上传速度慢怎么解决点击“开始--运行”或者“窗口键
电脑怎么拍照上传Jan 16, 2024 am 10:45 AM电脑只要安装了摄像头就可以进行拍照,但是有些用户还不知道该怎么拍照上传,现在就给大家具体介绍一下电脑拍照的方法,这样用户得到图片之后想上传到哪里都可以了。电脑怎么拍照上传一、Mac电脑1、打开访达,再点击左边的应用程序。2、打开后点击相机应用。3、点击下方的拍照按钮就可以了。二、Windows电脑1、打开下方搜索框,输入相机。2、接着打开搜索到的应用。3、再点击旁边的拍照按钮就可以了。
Python编程解析百度地图API文档中的坐标转换功能Aug 01, 2023 am 08:57 AMPython编程解析百度地图API文档中的坐标转换功能导读:随着互联网的快速发展,地图定位功能已经成为现代人生活中不可或缺的一部分。而百度地图作为国内最受欢迎的地图服务之一,提供了一系列的API供开发者使用。本文将通过Python编程,解析百度地图API文档中的坐标转换功能,并给出相应的代码示例。一、引言在开发中,我们有时会涉及到坐标的转换问题。百度地图AP
如何通过PHP快手API接口,实现视频的播放和上传功能Jul 21, 2023 pm 04:37 PM如何通过PHP快手API接口,实现视频的播放和上传功能导语:随着社交媒体的兴起,大众对于视频内容的需求也逐渐增加。快手作为一款以短视频为主题的社交应用,受到了很多用户的喜爱。本文将介绍如何使用PHP编写代码,通过快手API接口实现视频的播放和上传功能。一、获取访问Token在使用快手API接口之前,首先需要获取访问Token。Token是访问API接口的身份
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
