CVE-2022-42149
published 2022-10-17

CVE-2022-42149: kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.

Priority: P357
CVSS 3.1: 9.8 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.19% (80.2th percentile)
Affected (1 range)

Vendor   Product     Version range   Fixed in
keking   kkfileview  (not listed)    (not listed)

Detection & IOCs (extracted from sources)

url:  /onlinePreview?url={{base64('http://oast.fun/robots.txt')}}
path: /onlinePreview
  • The SSRF is triggered via a GET request to /onlinePreview with a base64-encoded URL as the `url` parameter. Monitor for base64-encoded values in the `url` query parameter of this endpoint.
  • Successful exploitation can be confirmed by extracting and base64-decoding the value of the hidden HTML element with id='textData' and checking for the expected out-of-band response content (e.g., 'Disallow' from robots.txt).
  • Fingerprint kkFileView instances via Shodan or FOFA using HTML body content matches before probing for SSRF.
  • The vulnerable code path is in OnlinePreviewController.java; focus code review and WAF rules on the /onlinePreview endpoint's `url` parameter handling.
  • The exploit requires the `url` parameter to be base64-encoded; plain URL values will not trigger the vulnerability.
  • Exploitation is unauthenticated (PR:N) and requires no user interaction (UI:N), making it trivially exploitable from the network.