36 lines
1.2 KiB
YAML
36 lines
1.2 KiB
YAML
id: ueditor-file-upload
|
|
|
|
info:
|
|
name: UEditor - Arbitrary File Upload
|
|
author: princechaddha
|
|
severity: high
|
|
description: UEditor contains an arbitrary file upload vulnerability. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
|
reference:
|
|
- https://zhuanlan.zhihu.com/p/85265552
|
|
- https://www.freebuf.com/vuls/181814.html
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 8.8
|
|
cwe-id: CWE-434
|
|
metadata:
|
|
max-request: 1
|
|
tags: ueditor,fileupload,intrusive
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/ueditor/net/controller.ashx?action=catchimage&encode=utf-8"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
words:
|
|
- "没有指定抓取源"
|
|
part: body
|
|
|
|
# digest: 4b0a004830460221009501e1673bff22890bdf6f86f4abb6d383d42416aeac992aa6c8edbc53f42c88022100f51d9202825dc28b1c88f323a8b862eb5a5f94f8a739073f5a421506eb586aa9:922c64590222798bb761d5b6d8e72950
|