aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Aaron
2025-09-06 16:08:15 +08:00
commit 63285f61aa
2624 changed files with 88491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
kkfileview/4.3-zipslip-rce/README.md Normal file
View File

@@ -0,0 +1,45 @@
# kkFileView ZipSlip Remote Code Execution
[中文版本(Chinese version)](README.zh-cn.md)
kkFileView is an open source document online preview solution.
In the version prior to 4.4.0-beta, kkFileView has a ZipSlip issue. Attackers can use this issue to upload arbitrary files to the server and execute code.
References:
- <https://github.com/luelueking/kkFileView-v4.3.0-RCE-POC>
## Vulnerable environment
Execute following command to start a kkFileView 3.4.0:
```
docker compose up -d
```
After the server is started, you can see the index page at `http://your-ip:8012`.
## Exploit
First, generate a craft POC by [poc.py](poc.py):
```
python poc.py
```
A `test.zip` file will be written.
Upload `test.zip` and the [sample.odt](samople.odt) to the kkFileView server:
![](1.png)
Then, click the "preview" button of `test.zip`, the zip file will be listed:
![](2.png)
Finally, click the "preview" button of `sample.odt`.
You can see the `touch /tmp/success` has been executed successful:
![](3.png)