Severity: High
Kindeditor is an open-source WYSIWYG HTML editor, mainly used to give website users a what-you-see-is-what-you-get editing experience; it is compatible with mainstream browsers including IE, Firefox, Chrome, Safari and Opera.
Vulnerability description:
Kindeditor can upload files in the doc, docx, xls, xlsx, ppt, htm, html, txt, zip, rar, gz, bz2, wps and pdf formats. It supports Java, .NET, PHP, ASP and other server-side environments.
Impact:
Because this flaw does not allow php, asp, java or similar file types to be uploaded, it cannot be used to get a shell, but it does allow uploading deceptive HTML pages containing pornography, gambling and similar content. If such pages are uploaded to a government website, criminals can exploit the authority of the government domain to deceive ordinary users, so the harm is considerable.
Remediation:
Kindeditor has configuration files that restrict the uploadable file types; modifying the configuration file is sufficient.
The file locations for each environment and version are as follows:
kindeditor/php/upload_json.php
kindeditor/asp/upload_json.asp
kindeditor/jsp/upload_json.jsp
kindeditor/asp.net/upload_json.ashx
Remove HTM and HTML from the allowed upload types in that file (removing TXT is also recommended).
Appendix: one-click remediation script for Linux (automatically backs up the original file as .bak)
#!/bin/sh
# This script modifies the Kindeditor configuration files so that Kindeditor can no longer upload HTML files.
# Version 1.10
LOG=/home/kindeditor-close-html.log
yum -y install mlocate
updatedb
clear
date +"%Y-%m-%d %H:%M:%S" > "$LOG" 2>&1
echo "Processing directory: /www/users" >> "$LOG"
# Record every Kindeditor upload_json file under /www/users (existing .bak copies excluded)
locate upload_json | grep "www/users" | grep -v 'bak' | grep kindeditor >> "$LOG"
echo "_____________________________________________________" >> "$LOG"
cat "$LOG"
# Remove htm/html from the allow-list of each server-side variant; sed -i.bak keeps a backup of the original file
locate upload_json.php | grep "www/users" | grep -v 'bak' | grep kindeditor | xargs -r sed -i.bak "s/'htm', 'html', //g"
locate upload_json.asp | grep "www/users" | grep -v 'bak' | grep kindeditor | xargs -r sed -i.bak "s/htm|html|//g"
locate upload_json.jsp | grep "www/users" | grep -v 'bak' | grep kindeditor | xargs -r sed -i.bak "s/htm,html,//g"
locate upload_json.ashx | grep "www/users" | grep -v 'bak' | grep kindeditor | xargs -r sed -i.bak "s/htm,html,//g"
echo "Processing completed successfully."
echo "Log file: $LOG"
echo
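The one-click script above matches the exact substring 'htm', 'html', so it silently does nothing if an installation lists the extensions in a different order, with different spacing, or with txt kept. The following added example (not Kindeditor's code and not part of the original advisory) removes each unwanted extension from the PHP variant's allow-list individually, keeps a single .bak copy, and verifies afterwards that the risky extensions are gone while the legitimate ones remain. The function names strip_exts, allows_ext and write_sample_config are hypothetical; the sample upload_json.php content is constructed to mirror the 'file' => array(...) line and assumes GNU sed (Linux), as the original script does.

```shell
#!/bin/sh
# Added example, not Kindeditor's code. Assumes GNU sed (sed -i without a suffix).

# strip_exts FILE EXT... : remove each quoted extension from the allow-list in FILE,
# wherever it appears in the array, keeping one backup of the original as FILE.bak.
strip_exts() {
    file=$1; shift
    cp -- "$file" "$file.bak"                 # single backup of the untouched original
    for ext in "$@"; do
        # "'htm', " at the start or middle of the list, or ", 'htm'" at its end
        sed -i -e "s/'$ext', *//g" -e "s/, *'$ext'//g" "$file"
    done
}

# allows_ext FILE EXT : exit 0 if the quoted extension is still present in FILE.
# The closing quote prevents 'htm' from matching 'html' (and 'doc' from matching 'docx').
allows_ext() {
    grep -q "'$2'" "$1"
}

# write_sample_config DIR : write a constructed upload_json.php into DIR and print its path.
# The 'file' line mirrors the allow-list format of Kindeditor's PHP upload handler.
write_sample_config() {
    cfg="$1/upload_json.php"
    cat > "$cfg" <<'EOF'
<?php
$ext_arr = array(
    'image' => array('gif', 'jpg', 'jpeg', 'png', 'bmp'),
    'file' => array('doc', 'docx', 'xls', 'xlsx', 'ppt', 'htm', 'html', 'txt', 'zip', 'rar', 'gz', 'bz2'),
);
EOF
    printf '%s\n' "$cfg"
}

# demo : harden a constructed config and report what remains permitted.
demo() {
    tmp=$(mktemp -d)
    cfg=$(write_sample_config "$tmp")
    strip_exts "$cfg" htm html txt
    for ext in htm html txt doc zip; do
        if allows_ext "$cfg" "$ext"; then
            echo "$ext: still allowed"
        else
            echo "$ext: removed"
        fi
    done
    grep "'file'" "$cfg"
    rm -rf "$tmp"
}

if [ "${1-}" = demo ]; then
    demo
fi
```

Run it as `sh harden.sh demo` to see the before/after on the constructed sample; to apply it to a real installation, call strip_exts on the path from the list above and then confirm with allows_ext, since a failed match in the one-click sed leaves no trace other than an unchanged file.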