UEditor - Arbitrary File Upload

UEditor - Arbitrary File Upload

This module is designed to detect an arbitrary file upload vulnerability in UEditor, a software used for online text editing. The severity of this vulnerability is classified as high. This module was authored by princechaddha.

Impact

An attack exploiting this vulnerability could allow an attacker to upload arbitrary files to the UEditor application, potentially leading to remote code execution or unauthorized access to sensitive information.

How the module works?

This module sends a GET request to the UEditor controller endpoint /ueditor/net/controller.ashx?action=catchimage&encode=utf-8. It then applies two matching conditions to determine if the vulnerability is present:

- The response status code must be 200. - The response body must contain the phrase "没有指定抓取源" (which translates to "No specified capture source" in English).

If both conditions are met, the module reports a vulnerability.