Site Safety Inspection Reveals Kindeditor Upload Vulnerability
Warning: Prohibited Access to Site Content
Many website operators and companies use the open-source Kindeditor editor and its image upload feature, which works with almost all websites and is compatible with browsers, including those on mobile terminals. However, our comprehensive website security vulnerability detection found a serious upload vulnerability in Kindeditor. Attackers have exploited this vulnerability to upload illegal content, including gambling material, in order to hijack Baidu snapshots.
Background
The attacked sites were using the Kindeditor editor and its upload_json components to upload pictures and documents. However, the current version of Kindeditor (4.1.5) has a vulnerability in upload_json.php that allows users to upload malicious files, including HTML files, which can be uploaded directly to the site’s directory and indexed by search engines.
Reproducing the Kindeditor Upload Vulnerability
To demonstrate the vulnerability, we used a Linux CentOS system, a MySQL 5.6 database, and PHP version 5.4. We copied the Kindeditor 4.1.5 source code to the server and accessed the demo.php page. Kindeditor's default upload configuration accepts htm and html files, which allows for XSS cross-site scripting attacks.
Determining if a Site is Using Kindeditor Editor
To determine if a site is using Kindeditor editor, you can check the following:
- kindeditor/asp/upload_json.asp?dir=file
- kindeditor/asp.net/upload_json.ashx?dir=file
- kindeditor/jsp/upload_json.jsp?dir=file
- kindeditor/php/upload_json.php?dir=file
Exploiting the Vulnerability
Using the first method, we can upload a web shell, including ASP, PHP scripts, and other files, directly to the site’s directory. We can then open the file manager, rename the uploaded picture, and change the suffix to JPG PHP. By clicking Edit, we can cause the picture file to be executed as a script.
Remediation for Kindeditor Website Vulnerabilities
The vulnerability affects a broad range of sites, including corporate websites and government institutions. To mitigate this vulnerability, it is recommended to:
- Delete or restrict the allowed upload formats in the upload code, removing html and htm from the permitted types.
- Only allow uploads of pictures and Word documents.
- If the site's operators are not familiar with the code, consider hiring a professional security company to deal with the vulnerability.
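One way to check an existing upload directory against the policy recommended above, as an added example that is not code from Kindeditor or from the original article. The set of allowed picture and Word extensions, the magic-byte table, and the sample file names are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Allowed types (pictures and Word only) mapped to their leading bytes.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "bmp": (b"BM",),
    "doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 container
    "docx": (b"PK\x03\x04",),  # ZIP container
}

def check_file(path):
    """Return the list of policy violations for one uploaded file."""
    exts = Path(path).name.lower().split(".")[1:]
    if not exts:
        return ["no extension"]
    # Check every extension so a script suffix next to .jpg is caught.
    problems = [f"extension '{e}' not allowed" for e in exts if e not in MAGIC]
    if exts[-1] in MAGIC:
        with Path(path).open("rb") as fh:
            if not fh.read(16).startswith(MAGIC[exts[-1]]):
                problems.append(f"content is not {exts[-1]}")
    return problems

def audit(upload_dir):
    """Walk upload_dir and map relative path -> violations."""
    findings = {}
    for p in sorted(Path(upload_dir).rglob("*")):
        if p.is_file():
            problems = check_file(p)
            if problems:
                findings[p.relative_to(upload_dir).as_posix()] = problems
    return findings

def demo():
    """Audit a temporary directory of constructed sample uploads."""
    samples = {  # constructed file names and contents, not real data
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "notes.docx": b"PK\x03\x04" + b"\x00" * 8,
        "promo.html": b"<html><body>constructed</body></html>",
        "banner.jpg": b"<html>constructed markup in an image name</html>",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            Path(d, name).write_bytes(data)
        return audit(d)
```

Calling audit() on the site's real upload directory lists files that the tightened policy would have rejected, which helps find html or htm pages already planted before the fix.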
Security Companies Recommended for Kindeditor Vulnerability Mitigation
We recommend hiring a professional security company to deal with the vulnerability, such as Sinesafe, Green League, Venus, Sangfor, and other more professional security companies.
Conclusion
The Kindeditor upload vulnerability is a serious issue that affects a broad range of sites. To mitigate this vulnerability, it is essential to delete or restrict the allowed upload formats, remove html and htm from the permitted types, and only allow uploads of pictures and Word documents. If the site's operators are not familiar with the code, consider hiring a professional security company to deal with the vulnerability.