Unrestricted Upload of File with Dangerous Type In /upFile
[Suggested description]
blog-ssm v1.0 was found to contain an arbitrary file upload vulnerability via the component /upFile. This vulnerability allows an attacker to escalate privileges and execute arbitrary commands through a crafted file.
Unrestricted Upload of File with Dangerous Type In /upFile
[Suggested description]
blog-ssm v1.0 was found to contain an arbitrary file upload vulnerability via the component /upFile. This vulnerability allows an attacker to escalate privileges and execute arbitrary commands through a crafted file.
[Vulnerability Type]
Unrestricted Upload of File with Dangerous Type
[Vendor of Product]
https://github.com/rawchen/blog-ssm
[Affected Product Code Base]
1.0
[Affected Component]
blog-ssm 1.0
OS: Windows/Linux/macOS
Browser: Chrome、Firefox、Safari
[Attack Vector]
Step1:After a code audit, it was found that /upFile has unauthorized access and arbitrary file uploads.
Step2:Build EXP according to the code audit results, and run it to get the URL address of WebShell: http://localhost:8081/upload/blog/20220901/1662015136678.jsp
EXP:
Step3:Connect to the Trojan via http://localhost:8081/upload/blog/20220901/1662015136678.jsp.
[Attack Type]
Remote
[Impact Code execution]
True
[Reference(s)]
http://cwe.mitre.org/data/definitions/23.html
The text was updated successfully, but these errors were encountered: