File Download vulnerability in DEXT5Editor 3.5.1402961 by xcuter
kbgsft edited this page Jun 16, 2020
1. Summary
- DEXT5 Editor is a popular HTML5-based web editor in Korea.
- DEXT5 Editor 3.5.1402961 and earlier versions allow an attacker to download arbitrary files from the target server via specially crafted HTTP requests. When upload_handler.jsp is requested, files can be downloaded by manipulating parameters such as "savefilepath".
- CVE: CVE-2020-13894
2. Payloads
- savefilepath --> {filepath you want}
- and some encryption
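
One way a download handler can constrain a path parameter such as "savefilepath", shown as an added example (it is not DEXT5's code and not from the original page). The class, method and directory names are hypothetical, and the check is assumed to run on the value after any decoding or decryption, because encrypting a parameter does not restrict which paths it can name.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Added example: containment check for a download handler's file-path parameter. */
public class SafeDownloadPath {

    /**
     * Resolves a client-supplied path (already decoded/decrypted) under baseDir.
     * Throws SecurityException if the result would leave baseDir.
     */
    static Path resolveUnderBase(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed path");
        }
        // Treat backslashes as separators too, so "..\" cannot slip through on Linux.
        String unified = requested.replace('\\', '/');
        Path base = baseDir.toRealPath();            // canonical base, symlinks resolved
        Path candidate = base.resolve(unified).normalize();
        // resolve() returns the argument itself when it is absolute,
        // so this check also rejects values like "/etc/passwd".
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes upload directory");
        }
        // Resolve symlinks on the target and re-check; fails if the file is missing.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file inside upload directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: a temp upload directory holding one stored file.
        Path base = Files.createTempDirectory("uploads");
        Files.write(base.resolve("report.txt"), "ok".getBytes());

        // Constructed sample inputs: two legitimate names and three escaping ones.
        String[] samples = { "report.txt", "sub/../report.txt",
                "../../etc/passwd", "/etc/passwd", "..\\..\\secret.txt" };
        for (String s : samples) {
            try {
                System.out.println("ALLOW " + s + " -> " + resolveUnderBase(base, s));
            } catch (RuntimeException | IOException e) {
                System.out.println("DENY  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```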
3. Proof
4. How to find this vulnerability?
- The "Web Security Checker" automatically diagnoses vulnerabilities in web services. It can diagnose the following vulnerabilities: SQL Injection, XSS, LFI, RFI, SSRF, File Upload, File Download, XXE, Command Injection, File management, Directory Listing, Source Code Disclosure, URL Redirection, Insecure SSL/TLS, Mixed Content, Specific Vulnerabilities (CVE ShellShock, etc.)
- This vulnerability will be updated soon.
5. Discoverer
- Kang Bong Goo (xcuter) at NBP (NAVER BUSINESS PLATFORM)
- Security Engineer
- Service : https://www.ncloud.com, https://www.naver.com

