Arbitrary file upload / CVE-2022-28052
- So we only need to:
  - tamper with the suffix of an originally valid file to bypass the front-end validation
  - construct the customPath param in the POST body params so that it includes "../" to complete the path traversal
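
A server-side check that closes both steps above, as an added example and not code from the affected project. The extension allow-list, the upload root and all function names are assumptions; only the `customPath` parameter name comes from the page.

```python
import os
from pathlib import PurePosixPath

# Assumed policy for this sketch; the real allow-list depends on the application.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}


class UploadRejected(ValueError):
    """Raised when an upload request must be refused."""


def resolve_upload_target(upload_root, custom_path, filename):
    """Return the absolute path the upload may be written to, or raise UploadRejected."""
    # 1. Re-check the suffix on the server: the front-end check is advisory only,
    #    because the client controls the request it finally sends.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if not name or ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {filename!r}")

    # 2. Treat customPath as untrusted: normalise separators, then refuse
    #    absolute paths and any ".." segment.
    rel = PurePosixPath((custom_path or "").replace("\\", "/"))
    if rel.is_absolute() or ".." in rel.parts:
        raise UploadRejected(f"customPath escapes upload root: {custom_path!r}")

    # 3. Defence in depth: resolve symlinks and confirm the final path is
    #    still inside the upload root before anything is written.
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, *rel.parts, name))
    if os.path.commonpath([root, target]) != root:
        raise UploadRejected(f"resolved path outside upload root: {target!r}")
    return target


def is_accepted(upload_root, custom_path, filename):
    """Convenience wrapper: True if the request passes every check."""
    try:
        resolve_upload_target(upload_root, custom_path, filename)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed sample requests: (customPath, filename)
    for cp, fn in [("images/2022", "photo.png"), ("../../", "photo.png"), ("images", "photo.jsp")]:
        print(repr(cp), repr(fn), "->", "accepted" if is_accepted("/tmp/uploads", cp, fn) else "rejected")
```
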