CVE-2022-43140
Published 2022-11-17
Priority: P3 · 52 · Severity: high · CVSS 3.1: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT · EPSS 1.95% (77.7th percentile)
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| keking | kkfileview | — | — |
Detection & IOCs (extracted from sources)
- The SSRF endpoint is reachable via HTTP GET to /getCorsFile with a base64-encoded URL supplied in the `urlPath` query parameter. Probe for out-of-band interactions (e.g. Interactsh) to confirm exploitation.
- A successful SSRF response body contains the string ' Interactsh Server ' — use this as a word-match indicator in automated scanners.
- Identify exposed kkFileView instances via Shodan using the queries: http.html:"kkFileView" or http.html:"kkfileview", and via FOFA using app="kkFileView", app="kkfileview", or body="kkfileview".
- The vulnerable Java component is cn.keking.web.controller.OnlinePreviewController#getCorsFile — monitor application logs and WAF rules for requests targeting this controller method.
- The Nuclei template targets kkFileView version 4.1.0 specifically (CPE: cpe:2.3:a:keking:kkfileview:4.1.0). Confirm the installed version before treating scan results as true positives.
- The detection matcher relies on an out-of-band callback to an Interactsh server. Ensure your scanning environment has outbound connectivity and a live Interactsh instance to avoid false negatives.
- The `urlPath` parameter value must be base64-encoded; raw URLs supplied directly will not trigger the vulnerability as expected by the template.
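A defender-side check for the request shape described in the list above, as an added example that is neither part of this record nor kkFileView's own code: it reads access-log lines (assumed Apache/nginx combined format), base64-decodes `urlPath` the way the last caveat describes, and flags decoded targets that point at loopback, private or otherwise non-public addresses. An undecodable `urlPath` is reported as its own finding rather than silently dropped, since a value that is not base64 is itself unexpected for this endpoint. The sample log lines are constructed inline.

```python
"""Added example (not kkFileView's own code): scan web access logs for
/getCorsFile requests and classify the base64-decoded urlPath target.
Assumes an Apache/nginx-style request line; sample log lines are constructed."""
import base64
import binascii
import ipaddress
import re
from typing import Optional
from urllib.parse import quote, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed layout).
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def raw_query_param(query: str, name: str) -> Optional[str]:
    """Return the raw (still percent-encoded) value of a query parameter.
    parse_qs is avoided on purpose: it turns an unencoded '+' into a space,
    which corrupts base64 values."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None


def decode_url_path(value: str) -> Optional[str]:
    """Decode the base64 urlPath value, tolerating percent-encoding,
    '+' mangled to space and missing padding. Returns None if it is not
    valid base64 / UTF-8, so the caller can flag the request as undecodable."""
    raw = unquote(value).strip().replace(" ", "+")
    raw += "=" * (-len(raw) % 4)
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def is_internal_target(url: str) -> bool:
    """True when the decoded URL points somewhere a document-preview service
    should never fetch: a non-HTTP scheme, localhost, or a non-public IP."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return True
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # public hostname: leave to DNS-aware egress controls
    return not ip.is_global


def analyze_line(line: str) -> Optional[dict]:
    """Return a finding for a /getCorsFile request, or None for other lines."""
    m = REQ_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("path"))
    if parts.path != "/getCorsFile":
        return None
    encoded = raw_query_param(parts.query, "urlPath")
    decoded = decode_url_path(encoded) if encoded is not None else None
    if decoded is None:
        return {"target": None, "verdict": "undecodable"}
    verdict = "internal" if is_internal_target(decoded) else "external"
    return {"target": decoded, "verdict": verdict}


def scan(lines) -> list:
    """Findings worth an alert: internal targets and undecodable values."""
    findings = []
    for line in lines:
        result = analyze_line(line)
        if result is not None and result["verdict"] != "external":
            findings.append(result)
    return findings


def _log_line(url: str) -> str:
    """Build a constructed access-log line for a /getCorsFile request."""
    token = quote(base64.b64encode(url.encode()).decode(), safe="")
    return ('10.1.2.3 - - [17/Nov/2022:10:00:00 +0000] '
            f'"GET /getCorsFile?urlPath={token} HTTP/1.1" 200 512')


# Constructed sample log lines: one legitimate preview, two internal targets,
# one undecodable value and one unrelated request.
SAMPLE_LOG = [
    _log_line("https://example.com/quarterly.pdf"),
    _log_line("http://127.0.0.1:8080/"),
    _log_line("http://10.0.0.5/"),
    '10.1.2.3 - - [17/Nov/2022:10:00:01 +0000] "GET /getCorsFile?urlPath=not%25base64 HTTP/1.1" 400 0',
    '10.1.2.3 - - [17/Nov/2022:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Public hostnames are deliberately passed through as "external": deciding whether a name resolves to an internal address belongs in an egress proxy or DNS-aware control, not in a log scanner that cannot see the resolution the application actually used.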
No detection rules found.
Nuclei
CVE-2022-43140 [HIGH] kkFileView 4.1.0 - Server-Side Request Forgery (nuclei · CVSS 7.5)
kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:
```yaml
id: CVE-2022-43140
info:
  name: kkFileView 4.1.0 - Server-Side Request Forgery
  author: Co5mos
  severity: high
  description: |
    kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrar
```
No writeups or analysis indexed.