
A file upload vulnerability in bl-kernel/ajax/upload-logo.php #1011

Closed
liao10086 opened this issue Mar 29, 2019 · 2 comments
Labels
Bug Bug in latest release version. Core Issues related to the Bludit core.

@liao10086

Describe your problem

A file upload vulnerability in bl-kernel/ajax/upload-logo.php: a PHP file can be uploaded.

Expected behavior

Limit the upload file type.

Actual behavior

A PHP file can be uploaded.

Steps to reproduce the problem

I uploaded a PHP file.

Then I visited http://192.168.10.12/bl-content/uploads/BLUDIT.php

Bludit version

3.8.0

Author: xijun.liao@dbappsecurity.com.cn

@dignajar (Member)

Hi,
I will fix it. It is the same bug as here:
#978

Just to inform the users: you need administrator permissions to exploit this vulnerability.

dignajar added the "Bug" (Bug in latest release version) and "Core" (Issues related to the Bludit core) labels on Mar 29, 2019
@liao10086 (Author)

The version is 3.8.1.
It's not the same problem as #978; they have different triggers.

You can fix it in bl-kernel/ajax/upload-logo.php by checking the suffix (jpg, png, gif, and so on).
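One way to implement the suffix check suggested above, written as an added example for this thread and not taken from Bludit's own code. It goes a step further than an extension allowlist: it also verifies that the bytes are really an image and stores the file under a server-generated name. The `$_FILES` key `inputFile` and the `PATH_UPLOADS` destination are assumptions for illustration.

```php
<?php
// Added example, not Bludit's upload-logo.php. Hardened logo upload check:
// allowlist the extension, verify the content is image data, and never let
// the client choose the stored filename.

function validateLogoUpload(array $file, string $uploadDir): array
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'error' => 'Upload failed or no file sent.'];
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'error' => 'Not an uploaded file.'];
    }

    // 1. Extension allowlist, mapped to the MIME type the content must have.
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return ['ok' => false, 'error' => 'Extension not allowed.'];
    }

    // 2. Check the content, not just the name: "BLUDIT.php" renamed to
    //    "BLUDIT.jpg" is rejected here because it is not image data.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $allowed[$ext]) {
        return ['ok' => false, 'error' => 'File content is not a ' . $ext . ' image.'];
    }

    // 3. Server-chosen name: no user-controlled path components and no
    //    double extensions such as "logo.php.jpg" surviving into storage.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return ['ok' => false, 'error' => 'Could not store file.'];
    }
    return ['ok' => true, 'filename' => $name];
}

// Usage inside the AJAX handler (assumed input name and upload directory):
// $result = validateLogoUpload($_FILES['inputFile'], PATH_UPLOADS);
// header('Content-Type: application/json');
// echo json_encode($result);
```

Two caveats for anyone applying this. First, the extension allowlist must be a closed list of image suffixes; a denylist of `php` misses variants the web server may also execute (for example `phtml`). Second, `getimagesize` confirms a valid image header, not the absence of PHP in the file: a real GIF or PNG with PHP appended still passes, so the uploads directory should additionally be configured so the web server never executes scripts from it.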
