Unrestricted Upload of File with Dangerous Type In /uploadFileList
[Suggested description]
blog-ssm v1.0 was found to contain an arbitrary file upload vulnerability via the component /uploadFileList. This vulnerability allows an attacker to escalate privileges and execute arbitrary commands through a crafted file.
Unrestricted Upload of File with Dangerous Type In /uploadFileList
[Suggested description]
blog-ssm v1.0 was found to contain an arbitrary file upload vulnerability via the component /uploadFileList. This vulnerability allows an attacker to escalate privileges and execute arbitrary commands through a crafted file.
[Vulnerability Type]
Unrestricted Upload of File with Dangerous Type
[Vendor of Product]
https://github.com/rawchen/blog-ssm
[Affected Product Code Base]
1.0
[Affected Component]
blog-ssm 1.0
OS: Windows/Linux/macOS
Browser: Chrome、Firefox、Safari
[Attack Vector]
Step1:Registered account, username: text123, password: 123456.
Step2:Log in to the account you just registered and click "File Management".
Step3:Click File Upload, select the Trojan file that has been built in advance, and click Upload.
Data Pack
Step4:In /file, click text.jsp to get the URL address of WebShell: http://localhost:8081/upload/file/text.jsp.
Step5:Connect to the Trojan via http://localhost:8081/upload/file/text.jsp.
[Attack Type]
Remote
[Impact Code execution]
True
[Reference(s)]
http://cwe.mitre.org/data/definitions/23.html
The text was updated successfully, but these errors were encountered: