inxedu through 2018-12-24 has a vulnerability that allows uploading malicious files.
1. The vulnerable code is in com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java).
Line 52 checks the extension of the uploaded file against fileType, but the value of fileType is taken from the request parameter of the same name, so the client controls the list of accepted extensions.
As shown above, upload a jsp file and change the value of fileType to "jpg,gif,png,jsp,jpeg", which adds the "jsp" type.
The response returns the path of the uploaded jsp file.
The jsp file can then be visited and its code executed.
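The root cause described above is that the extension allowlist itself is read from the request. The following constructed example, which is not inxedu's code and does not reproduce the project's controller, puts the reported pattern (allowlist parsed from the fileType parameter) next to a hardened check that keeps the allowlist on the server, lets a client-supplied fileType only narrow it, and stores accepted files under a server-generated name. The names vulnerable_check, hardened_check, stored_name and SERVER_ALLOWED are assumptions made for the illustration.

```python
"""
Constructed illustration of the extension check described in the report.
Not inxedu's code: the project's controller and its exact logic are not shown
here. Names (vulnerable_check, hardened_check, SERVER_ALLOWED) are assumptions.
"""
import os
import secrets
from typing import Optional

# Server-side allowlist (constructed). The client never chooses this list.
SERVER_ALLOWED = frozenset({"jpg", "jpeg", "gif", "png"})


def extension_of(filename: str) -> str:
    """Lowercased final extension of the basename, or '' if there is none.
    Working on the basename only means path separators in the name are ignored."""
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].lower()


def vulnerable_check(filename: str, file_type_param: str) -> bool:
    """The pattern the report describes: the allowed list is parsed from the
    request parameter fileType, so the sender of the request decides what is
    acceptable. Shown only as the 'before' of the fix."""
    allowed = {t.strip().lower() for t in file_type_param.split(",") if t.strip()}
    return extension_of(filename) in allowed


def hardened_check(filename: str, file_type_param: Optional[str] = None) -> bool:
    """Validate against the server-side allowlist only. A client-supplied
    fileType may narrow the accepted set (a legitimate UI hint) but can never
    widen it, because the intersection with SERVER_ALLOWED is taken."""
    allowed = set(SERVER_ALLOWED)
    if file_type_param:
        requested = {t.strip().lower() for t in file_type_param.split(",") if t.strip()}
        allowed &= requested
    return extension_of(filename) in allowed


def stored_name(filename: str, file_type_param: Optional[str] = None) -> Optional[str]:
    """Name under which a validated upload is stored: a random token plus the
    validated extension. The client-chosen name (and any extra dots or path
    pieces in it) never reaches disk. Returns None when the file is rejected."""
    if not hardened_check(filename, file_type_param):
        return None
    return f"{secrets.token_hex(16)}.{extension_of(filename)}"


if __name__ == "__main__":
    widened = "jpg,gif,png,jsp,jpeg"   # constructed: a client-widened fileType
    print("vulnerable accepts evil.jsp:", vulnerable_check("evil.jsp", widened))
    print("hardened accepts evil.jsp:  ", hardened_check("evil.jsp", widened))
    print("hardened stores photo.PNG as:", stored_name("photo.PNG"))
```

The extension check is only one layer: the report's final step works because the returned path is served by the JSP engine, so the upload directory should additionally be served without script execution, and the stored name should be server-generated rather than the client's original filename, as stored_name does here.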