yf-exam is a multi-role online training and examination system. It integrates user management, role management, department management, question bank management, test question management, test question import and export, test management, online testing, wrong-answer training and other functions, and provides a complete examination workflow. The upload endpoint annotated @PostMapping("/common/api/file/upload") places no restriction on the suffix of the uploaded file, which results in arbitrary file upload.
Vulnerability details
This interface accepts the uploaded file and hands it to upload() for processing.
com.yf.exam.ability.upload.controller#upload()
Following the call further leads to the implementation class of the upload interface.
com.yf.exam.ability.upload.service.impl#upload()
Here the incoming file is processed; continue following the call.
com.yf.exam.ability.upload.utils#processPath()
The incoming file is then renamed.
com.yf.exam.ability.upload.utils#renameFile()
Only the suffix of the original file name is extracted; it is spliced onto the new name and returned as-is, with no filtering or allowlist check.
Finally, the upload path is returned directly to the caller.
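The naming pattern described above, shown as an added example beside a hardened form. This is not yf-exam's own code: `renameFileUnsafe` is a reconstruction of the behaviour the report describes, `renameFileSafe` is one way to fix it, and `originalName` stands for the value a Spring controller would take from `MultipartFile.getOriginalFilename()`.

```java
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

public class UploadNaming {

    // Reconstructed pattern (assumption, not the project's code): whatever
    // suffix the client supplied is cut off and spliced onto a generated name,
    // so the stored file keeps any client-chosen extension.
    static String renameFileUnsafe(String originalName) {
        String suffix = originalName.substring(originalName.lastIndexOf('.'));
        return UUID.randomUUID() + suffix;
    }

    // Hardened form: strip any path component, require an extension, normalise
    // its case, and accept it only if it is on an explicit allowlist. The stored
    // name itself is generated, so nothing client-controlled reaches the disk.
    static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "png", "gif", "pdf", "xlsx");

    static String renameFileSafe(String originalName) {
        String base = Paths.get(originalName).getFileName().toString();
        int dot = base.lastIndexOf('.');
        if (dot < 0 || dot == base.length() - 1) {
            throw new IllegalArgumentException("file name has no extension");
        }
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        return UUID.randomUUID() + "." + ext;
    }

    public static void main(String[] args) {
        // Constructed sample names, not data from the report.
        System.out.println(renameFileUnsafe("report.pdf"));   // suffix kept verbatim
        System.out.println(renameFileSafe("../Report.PDF"));  // path dropped, ext normalised
        try {
            renameFileSafe("page.html");                      // not on the allowlist
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Checking the extension alone is still only part of the fix; the upload directory should also be served without script execution and, where possible, the content type verified.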
TEST
Upload a file at the routing point.
The upload succeeds.
Requesting the returned path shows the file is accessible.