Mogu blog has a vulnerability to upload arbitrary files

Using mogu2021:mogu2021 to log in the Mogu blog.
http://demoweb.moguit.cn/
![1 0](https://user-images.githubusercontent.com/47633517/167292671-2a4c815b-d59d-46d8-92f0-b980bc7cd173.png)
![1 1](https://user-images.githubusercontent.com/47633517/167292701-9f57dae7-681b-48a0-97ad-e4796bada332.png)
Choose User Center > User Avatar > Image
![1 2](https://user-images.githubusercontent.com/47633517/167292765-805459f0-4bad-4703-94be-7d92e16077b0.png)
![2](https://user-images.githubusercontent.com/47633517/167292829-dd2618ca-b17d-4186-8804-b08f7e092869.png)
At this point, use the burp suite to capture the request packet.
Use the Repeater module in BurpSuite.
Try to change the file contents in the request package to the XSS payload and try to change the file name to the HTML suffix.
You can see the successful upload and the file path in the response package.
![3](https://user-images.githubusercontent.com/47633517/167292973-deffcdfc-f6a0-4687-b637-a9c3e5881100.png)
Open your browser to access the HTML file you just uploaded
![4](https://user-images.githubusercontent.com/47633517/167293019-5fee2c5b-4a92-4046-8d31-709774ae9533.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mogu blog has a vulnerability to upload arbitrary files #65

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development