Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-42149 PoC — Keking kkFileView 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-42149.yaml
Associated Vulnerability
Title:Keking kkFileView 代码问题漏洞 (CVE-2022-42149)
Description:Keking kkFileView是中国凯京科技(Keking)公司的一个 Spring-Boot 打造文件文档在线预览项目。 Keking kkFileView 4.0版本存在安全漏洞,该漏洞源于攻击者可以通过其controlleOnlinePreviewController.java组件实现跨站请求伪造。
Description
kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests.
File Snapshot

 id: CVE-2022-42149

info:
  name: kkFileView 4.0 - Server-Side Request Forgery
  author: Arm!tage
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.