668 Star 1.6K Fork 826

因酷 / inxedu

 / 详情

Upload Malicious Files

Backlog
Opened this issue  
2019-01-03 12:37

inxedu through 2018-12-24 has a vulnerability that can lead to upload malicious files.
1.The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java)
输入图片说明
line 52 check the extention of the file uploaded, while we can control the value of fileType by change the param value of fileType.

2.POC
输入图片说明

above, upload a jsp file,and change the vaule of fileType to "jpg,gif,png,jsp,jpeg",in which we add "jsp" type.

and the response returns the jsp file path.
Then we can visit the jsp file and run evil code.
输入图片说明

  1. fix
    make a whitelist of file extentions in the backend.

Comments (0)

ziliudi createdtask

Sign in to comment

状态
Assignees
Milestones
Pull Requests
关联的 Pull Requests 被合并后可能会关闭此 issue
Branches
Planed to start   -   Planed to end
-
Top level
Priority
参与者(1)
Java
1
https://gitee.com/inxeduopen/inxedu.git
git@gitee.com:inxeduopen/inxedu.git
inxeduopen
inxedu
inxedu

Search