2021-04-23 12:15:09 +00:00
id : ueditor-file-upload
2022-04-22 10:38:41 +00:00
2021-04-23 12:15:09 +00:00
info :
2022-10-25 13:40:49 +00:00
name : UEditor - Arbitrary File Upload
2021-04-23 12:15:09 +00:00
author : princechaddha
severity : high
2022-10-25 13:40:49 +00:00
description : UEditor contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
2021-08-18 11:37:49 +00:00
reference :
2021-04-23 12:15:09 +00:00
- https://zhuanlan.zhihu.com/p/85265552
- https://www.freebuf.com/vuls/181814.html
2022-11-08 20:55:31 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score : 8.8
cwe-id : CWE-434
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-10-14 11:27:55 +00:00
tags : ueditor,fileupload,intrusive
2021-04-23 12:15:09 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-04-23 12:15:09 +00:00
- method : GET
path :
- "{{BaseURL}}/ueditor/net/controller.ashx?action=catchimage&encode=utf-8"
2023-10-14 11:27:55 +00:00
2021-04-23 12:15:09 +00:00
matchers-condition : and
matchers :
- type : status
status :
- 200
2023-10-14 11:27:55 +00:00
2021-04-23 12:15:09 +00:00
- type : word
words :
- "没有指定抓取源"
part : body
2023-10-20 11:41:13 +00:00
# digest: 4b0a004830460221009501e1673bff22890bdf6f86f4abb6d383d42416aeac992aa6c8edbc53f42c88022100f51d9202825dc28b1c88f323a8b862eb5a5f94f8a739073f5a421506eb586aa9:922c64590222798bb761d5b6d8e72950
