You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Register an ordinary user arbitrarily, and upload the avatar
The front-end restricts the file type, and can only upload image-type files
You can modify the suffix of the malicious file to jpg and then modify it back through packet capture
repair suggestion
-The backend increases the inspection of file types and uses whitelist filtering
Filter with blacklist
The text was updated successfully, but these errors were encountered:
Affected versions:v3.1.1
The steps to reproduce
Register an ordinary user arbitrarily, and upload the avatar
The front-end restricts the file type, and can only upload image-type files
You can modify the suffix of the malicious file to jpg and then modify it back through packet capture
repair suggestion
-The backend increases the inspection of file types and uses whitelist filtering
The text was updated successfully, but these errors were encountered: