因酷 / inxeduJava

Upload Malicious Files

Open
ziliudi

inxedu through 2018-12-24 has a vulnerability that allows uploading malicious files.
1. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java).
Line 52 checks the extension of the uploaded file, but we can control the value of fileType by changing the value of the fileType parameter.

2.POC

Above, upload a jsp file and change the value of fileType to "jpg,gif,png,jsp,jpeg", in which we add the "jsp" type.

The response returns the jsp file path.
Then we can visit the jsp file and run evil code.

3. Fix
Make a whitelist of file extensions in the backend.
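One way to implement the backend whitelist suggested above, as an added example that is not code from the inxedu project: the allowed extensions are fixed on the server, the extension is derived from the uploaded file name only, and the client-supplied fileType parameter is ignored. Class, method and list contents are hypothetical.

```java
import java.util.Locale;
import java.util.Set;

// Added example, not inxedu's own code: a server-side extension whitelist
// that never consults the client-controlled "fileType" request parameter.
public final class UploadExtensionCheck {

    // Allowed extensions live in the backend only (hypothetical list).
    private static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "gif", "png");

    private UploadExtensionCheck() {}

    /** Returns the lowercase extension of the uploaded file name, or null if the upload must be rejected. */
    public static String safeExtension(String originalName) {
        if (originalName == null || originalName.isEmpty()) {
            return null;
        }
        // Reject path separators and null bytes; the stored name should be server-generated anyway.
        if (originalName.indexOf('/') >= 0 || originalName.indexOf('\\') >= 0
                || originalName.indexOf('\0') >= 0) {
            return null;
        }
        int dot = originalName.lastIndexOf('.');
        // No extension, leading dot only, or trailing dot: reject.
        if (dot <= 0 || dot == originalName.length() - 1) {
            return null;
        }
        // Case-insensitive comparison so ".JSP" is not treated differently from ".jsp".
        String ext = originalName.substring(dot + 1).toLowerCase(Locale.ROOT);
        return ALLOWED.contains(ext) ? ext : null;
    }

    /** Decides whether an upload may be stored. clientFileType is deliberately unused. */
    public static boolean isAllowed(String originalName, String clientFileType) {
        return safeExtension(originalName) != null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs mirroring the report: a jsp upload is rejected
        // even when the client claims fileType "jpg,gif,png,jsp,jpeg".
        System.out.println(isAllowed("page.jsp", "jpg,gif,png,jsp,jpeg"));
        System.out.println(isAllowed("photo.PNG", "jpg,gif,png"));
        System.out.println(isAllowed("photo.jpg.jsp", "jpg"));
        System.out.println(isAllowed("../photo.jpg", "jpg"));
    }
}
```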