CVE-2022-42149
Published 2022-10-17

CVE-2022-42149: kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
Priority: P357 · Critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.19% (80.2th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| keking | kkfileview | — | — |
Detection & IOCs (extracted from sources)
- The SSRF is triggered via a GET request to /onlinePreview with a base64-encoded URL as the `url` parameter. Monitor for base64-encoded values in the `url` query parameter of this endpoint.
- Successful exploitation can be confirmed by extracting and base64-decoding the value of the hidden HTML element with id='textData' and checking for expected out-of-band response content (e.g., 'Disallow' from robots.txt).
- Fingerprint kkFileView instances via Shodan or FOFA using HTML body content matches before probing for SSRF.
- The vulnerable code path is in OnlinePreviewController.java; focus code review and WAF rules on the /onlinePreview endpoint's `url` parameter handling.
- The exploit requires the `url` parameter to be base64-encoded; plain URL values will not trigger the vulnerability.
- Exploitation is unauthenticated (PR:N) and requires no user interaction (UI:N), making it trivially exploitable from the network.
No detection rules found.
Nuclei
CVE-2022-42149 [CRITICAL] kkFileView 4.0 - Server-Side Request Forgery (nuclei · CVSS 9.8)
kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests; exploitation requires sending crafted requests.
Template:

```yaml
id: CVE-2022-42149
info:
  name: kkFileView 4.0 - Server-Side Request Forgery
  author: Arm!tage
  severity: critical
  description: |
    kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests.
  impact: |
    Unauthenticated attackers can exploit SSRF to make the server fetch arbitrary URLs, potentially accessing internal services, bypassing firewall restrictions
```
No writeups or analysis indexed.