# (CVE-2017-1002024) Kindeditor <=4.1.11 Upload Vulnerability

> Original: [https://www.zhihuifly.com/t/topic/3006](https://www.zhihuifly.com/t/topic/3006)

## 1. Vulnerability Overview

The vulnerability is in the kindeditor editor: you can upload .txt and .html files. php/asp/jsp/asp.net are supported, and the vulnerability is present in kindeditor versions up to and including 4.1.11.

## 2. Affected Versions

Kindeditor <=4.1.11

## 3. Reproduction Steps

> JSON file locations
```
/asp/upload_json.asp
/asp.net/upload_json.ashx
/jsp/upload_json.jsp
/php/upload_json.php
```
> Upload paths

```
kindeditor/asp/upload_json.asp?dir=file
kindeditor/asp.net/upload_json.ashx?dir=file
kindeditor/jsp/upload_json.jsp?dir=file
kindeditor/php/upload_json.php?dir=file
```
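
For defenders, the upload paths above can be turned into a log check. The following is an added example, not part of the original post: it scans web server access-log lines for requests to any of the four upload handlers with `dir=file`. It assumes the common/combined log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Upload handlers listed on this page (one per supported backend).
HANDLER_RE = re.compile(
    r"/(?:asp/upload_json\.asp|asp\.net/upload_json\.ashx|"
    r"jsp/upload_json\.jsp|php/upload_json\.php)$",
    re.IGNORECASE,
)
# Assumed common/combined log format: client ... "METHOD target HTTP/x.y" status
LINE_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')


def find_upload_hits(lines):
    """Return (client, method, target, status) for every request that reaches
    a KindEditor upload handler with dir=file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, method, target, status = m.groups()
        url = urlsplit(target)
        # Collapse repeated slashes so "kindeditor//jsp/..." still matches.
        path = re.sub(r"/{2,}", "/", url.path)
        if not HANDLER_RE.search(path):
            continue
        # Compare the dir value case-insensitively to stay conservative.
        dirs = [v.lower() for v in parse_qs(url.query).get("dir", [])]
        if "file" in dirs:
            hits.append((client, method, target, int(status)))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "POST /kindeditor/php/upload_json.php?dir=file HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /uploads/a.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "POST /kindeditor/php/upload_json.php?dir=image HTTP/1.1" 200 98',
    '203.0.113.4 - - [01/Jan/2024:10:02:00 +0000] "POST /static/kindeditor//jsp/upload_json.jsp?dir=FILE HTTP/1.1" 200 77',
    '203.0.113.4 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in find_upload_hits(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status from a client that should not be using the editor is a reason to review the upload directory for unexpected .html or .txt files.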
> Check the version information

```
http://www.0-sec.org/kindeditor//kindeditor.js
```

> Construct the PoC

```
```












