Detects publicly accessible KCFinder instances. An exposed KCFinder file manager may allow arbitrary file uploads and, through them, remote code execution (RCE): an attacker who can reach the browser interface without authentication can list the upload directory and place malicious files on the server.

PoC code [public]
id: kcfinder-exposure

info:
  name: KCFinder - Exposure
  author: theamanrawat
  severity: high
  description: |
    Detects publicly accessible KCFinder instances. An exposed KCFinder file manager may allow
    arbitrary file uploads and remote code execution (RCE): an attacker who can reach the browser
    interface can gain unauthorized access to the file manager and upload malicious files.
  reference:
    - https://github.com/sunhater/kcfinder
  metadata:
    verified: true
    max-request: 6
  tags: exposure,kcfinder,file-upload

http:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/kcfinder/browse.php"
      - "{{BaseURL}}/assets/kcfinder/browse.php"
      - "{{BaseURL}}/lib/kcfinder/browse.php"
      - "{{BaseURL}}/admin/kcfinder/browse.php"
      - "{{BaseURL}}/includes/kcfinder/browse.php"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>KCFinder:"
          - "id=\"files\""
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b061dd62f00aa08133b4d220bdadb31cb2df9da446e57b746b52c092f88bab9d02205e6878aaf5f270be40885d200cc91ab70bfb3297654bba5c7d41146248df2073:922c64590222798bb761d5b6d8e72950
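The template's detection logic, re-implemented in Python as an added example (this is not code from the nuclei project or the template author). It probes the same six candidate paths in order, stops at the first hit, and reproduces the matcher semantics exactly: the response must be HTTP 200 and the body must contain both markers, so a 200 page that only carries the KCFinder title (a login form, for instance) is not reported. The sample responses and the host `example.test` are constructed for the offline run; `http_fetch` is a hypothetical helper for live use.

```python
"""Stand-alone re-implementation of the kcfinder-exposure nuclei template logic."""
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# Candidate paths, copied from the template's `path:` list ("" is {{BaseURL}} itself).
KCFINDER_PATHS: List[str] = [
    "",
    "/kcfinder/browse.php",
    "/assets/kcfinder/browse.php",
    "/lib/kcfinder/browse.php",
    "/admin/kcfinder/browse.php",
    "/includes/kcfinder/browse.php",
]

# Both body markers must be present (the template's word matcher uses `condition: and`).
MARKERS: Tuple[str, ...] = ('<title>KCFinder:', 'id="files"')

Response = Tuple[int, str]          # (HTTP status code, response body)
Fetcher = Callable[[str], Response]  # anything that fetches a URL and returns a Response


def matches_kcfinder(status: int, body: str) -> bool:
    """Mirror `matchers-condition: and`: status 200 AND every marker present in the body."""
    return status == 200 and all(marker in body for marker in MARKERS)


def candidate_urls(base_url: str) -> List[str]:
    """Expand {{BaseURL}} into the six probe URLs, in template order."""
    base = base_url.rstrip("/")
    return [base + path for path in KCFINDER_PATHS]


def find_exposed(base_url: str, fetch: Fetcher) -> Optional[str]:
    """Probe candidates in order and return the first matching URL (stop-at-first-match)."""
    for url in candidate_urls(base_url):
        status, body = fetch(url)
        if matches_kcfinder(status, body):
            return url
    return None


def http_fetch(url: str, timeout: float = 10.0) -> Response:
    """Hypothetical live fetcher: GET the URL and return (status, body) even on HTTP errors."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status and a body
        return err.code, err.read().decode("utf-8", errors="replace")


# Constructed sample responses (not captured from a real host) keyed by URL.
# The root answers 200 with a KCFinder-branded but non-browser page, which must NOT match;
# the first real browse.php lives under /assets/.
SAMPLE_RESPONSES: Dict[str, Response] = {
    "https://example.test": (200, "<html><title>KCFinder: login</title><form></form></html>"),
    "https://example.test/kcfinder/browse.php": (404, "Not Found"),
    "https://example.test/assets/kcfinder/browse.php": (
        200,
        '<html><head><title>KCFinder: /upload</title></head>'
        '<body><div id="folders"></div><div id="files"></div></body></html>',
    ),
    # A forbidden page that still contains both markers must not match either.
    "https://example.test/lib/kcfinder/browse.php": (
        403,
        '<title>KCFinder: /upload</title><div id="files"></div>',
    ),
}


def sample_fetch(url: str) -> Response:
    """Offline fetcher that serves SAMPLE_RESPONSES; unknown URLs answer 404."""
    return SAMPLE_RESPONSES.get(url, (404, "Not Found"))


if __name__ == "__main__":
    hit = find_exposed("https://example.test/", sample_fetch)
    print("exposed KCFinder at:" if hit else "no exposure found", hit or "")
```

To run against a live target, pass `http_fetch` instead of `sample_fetch`; the function stops after the first match, so at most six requests are sent, the same budget the template declares in `max-request`.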