Unrestricted Upload of File with Dangerous Type vulnerability exists in SIMS. This open source system is a student information management system. There is an insecure vulnerability when uploading attachments. An attacker could exploit this vulnerability to gain server privileges.
POST: http://localhost:8081/sims/uploadServlet
Step1: Under the "System Management" tab, select "File Release", select the Trojan file "text.jsp", and click the "Start Upload" button.
Step2: The upload is successful, and the Trojan path is obtained under the "File List" selected under the "System Management" tab.
Step3: The path of the assembly Trojan is "http://localhost:8081/sims/upload/text.jsp", connect the Trojan through godzilla.jar, and execute the "dir" command successfully.
[Suggested description]
Unrestricted Upload of File with Dangerous Type vulnerability exists in SIMS. This open source system is a student information management system. There is an insecure vulnerability when uploading attachments. An attacker could exploit this vulnerability to gain server privileges.
POST: http://localhost:8081/sims/uploadServlet
[Vulnerability Type]
Unrestricted Upload of File with Dangerous Type
[Vendor of Product]
https://github.com/rawchen/sims
[Affected Product Code Base]
1.0
[Affected Component]
Sims 1.0
OS: Windows/Linux/macOS
Browser: Chrome、Firefox、Safari
[Attack vector]
[Attack Type]
Remote
[Impact Code execution]
False
[Proof of concept]
Step1: Under the "System Management" tab, select "File Release", select the Trojan file "text.jsp", and click the "Start Upload" button.
Step2: The upload is successful, and the Trojan path is obtained under the "File List" selected under the "System Management" tab.
Step3: The path of the assembly Trojan is "http://localhost:8081/sims/upload/text.jsp", connect the Trojan through godzilla.jar, and execute the "dir" command successfully.
[Reference(s)]
http://cwe.mitre.org/data/definitions/434.html
The text was updated successfully, but these errors were encountered: