By kannthu
This module detects an arbitrary file upload vulnerability in UEditor, an online text editor. The severity of this vulnerability is classified as high. The module was authored by princechaddha.
Exploiting this vulnerability could allow an attacker to upload arbitrary files to the UEditor application, potentially leading to remote code execution or unauthorized access to sensitive information.
This module sends a GET request to the UEditor controller endpoint /ueditor/net/controller.ashx?action=catchimage&encode=utf-8. It then applies two matching conditions to determine if the vulnerability is present:
If both conditions are met, the module reports a vulnerability.
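For defenders, requests to the endpoint above are worth looking for in web server access logs. The following Python code is an added example, not part of the Vidoc module or the original page; it flags every logged request to the catchimage action. The W3C-style field layout and the sample log lines are constructed assumptions.

```python
from urllib.parse import parse_qs, unquote

# Constructed W3C-style log lines (not real traffic); column order comes from #Fields.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-01 10:00:00 GET /index.aspx - 203.0.113.5 200
2024-01-01 10:00:01 GET /ueditor/net/controller.ashx action=catchimage&encode=utf-8 203.0.113.9 200
2024-01-01 10:00:02 GET /UEditor/net/Controller.ashx Action=CatchImage 203.0.113.9 200
2024-01-01 10:00:03 GET /ueditor/net/controller.ashx action=config 198.51.100.7 200
2024-01-01 10:00:04 GET /ueditor/net/controller.ashx action=%63atchimage 203.0.113.9 404
"""


def find_catchimage_requests(log_text):
    """Return (timestamp, client_ip, method, status) for each request
    to a UEditor controller.ashx endpoint with action=catchimage."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Compare the path case-insensitively and after percent-decoding,
        # so trivially altered spellings of the endpoint are still flagged.
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        if not stem.endswith("/controller.ashx"):
            continue
        # parse_qs percent-decodes keys and values; "-" (no query) yields {}.
        query = parse_qs(row.get("cs-uri-query", ""))
        actions = [v.lower() for k, vals in query.items()
                   if k.lower() == "action" for v in vals]
        if "catchimage" in actions:
            timestamp = f"{row.get('date', '')} {row.get('time', '')}".strip()
            hits.append((timestamp, row.get("c-ip", ""),
                         row.get("cs-method", ""), row.get("sc-status", "")))
    return hits


if __name__ == "__main__":
    for hit in find_catchimage_requests(SAMPLE_LOG):
        print(*hit)
```

A hit only shows that the endpoint was requested; the status code and the client address help separate a scanner probe from normal editor use.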