Halo Blog CMS 1.4.17: file upload without file type authentication #1702
Labels
kind/bug
kind/feature
Which version exhibits this problem?
1.4.17
Which database is used?
MySQL 5.7
Which deployment method is used?
Fat Jar
Live site address
https://demo.halo.run/admin/index.html#/comments
What happened?
The vulnerability can lead to the upload of arbitrary malicious script files.
Related log output
Additional information
Black-box penetration:
Attachment upload feature: try to upload a random image.
Source code review:
Try to download the source code for source code security analysis
https://github.com/halo-dev/halo/releases/tag/v1.4.17 (latest version 1.4.17)
According to the annotations of this class, you can find that all requests to the path /api/admin/attachments will access this class.
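The report above concerns an attachment endpoint that accepts any file type. The following is an added example of the server-side check such an endpoint is missing, written here for illustration and not taken from the Halo code base: an extension allowlist combined with a magic-byte check on the body, with the allowlist, the sample files and the helper names being constructed assumptions for this example.

```python
import os
import re
from typing import Tuple

# Allowlist of attachment extensions and the leading bytes each must carry.
# Constructed for this example; a deployment would tune it to its needs.
ALLOWED_TYPES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
}

# Stem may not contain dots, so "shell.jsp.png" style names are rejected too.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_attachment(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for an uploaded attachment.

    Rejects path components, extensions outside the allowlist, names with a
    second extension hidden in the stem, and bodies whose first bytes do not
    match the signature of the claimed image type.
    """
    if not filename or os.path.basename(filename) != filename:
        return False, "path components not allowed in filename"
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '(none)'} not in allowlist"
    if not SAFE_STEM.match(stem):
        return False, "filename stem contains disallowed characters"
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not match {ext} signature"
    return True, "ok"


# Constructed sample uploads: one genuine PNG header and several that a
# type-agnostic endpoint would wrongly accept.
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "page.jsp": b"<%-- constructed sample --%>",
    "photo.png.jsp": b"\x89PNG\r\n\x1a\n",
    "photo.jsp.png": b"\x89PNG\r\n\x1a\n",
    "fake.png": b"<%-- constructed sample --%>",
    "../escape.png": b"\x89PNG\r\n\x1a\n",
}


def check_samples() -> dict:
    """Map each constructed sample name to whether it would be accepted."""
    return {name: validate_attachment(name, body)[0] for name, body in SAMPLES.items()}
```

Running `check_samples()` accepts only `photo.png`; each other sample is rejected with a reason naming the failed check.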