This project has a file upload function. The corresponding code is located in com.liuyanzhao.sens.web.controller.admin#upload.
The Upload method calls the uploadAttachment() method.
On audit, we find that the code restricts neither the name of the uploaded file nor the path of its final storage location. The final file path is "/upload/202/11/" + filename, so a file upload attack (path traversal through the file name) is possible.
The website provided by the project author is used to demonstrate the vulnerability.
Changing the name of the uploaded file to "../../ind.html" performs the attack.
The traversed file was successfully accessed.
Solution: add a filtering mechanism.
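As an added illustration of such a filtering mechanism (example code, not the project's own), the following hypothetical helper could replace the unchecked path join in uploadAttachment(): it refuses file names carrying path separators or ".." components, allow-lists the remaining characters, and then proves that the resolved path still lies under the upload root. The upload root, the "202/11" date prefix and the sample names are assumptions taken from the report.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeUploadPath {

    // Hypothetical replacement for the unchecked join of upload dir + client file name.
    // Returns the final on-disk path only if the name is clean and the path stays
    // inside uploadRoot; throws IllegalArgumentException otherwise.
    public static Path resolveUploadPath(Path uploadRoot, String datePrefix, String clientFileName) {
        if (clientFileName == null || clientFileName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // Filter 1: a bare file name must not contain separators or traversal components.
        if (clientFileName.contains("/") || clientFileName.contains("\\")
                || clientFileName.contains("..")) {
            throw new IllegalArgumentException("path separators or '..' not allowed");
        }
        // Filter 2: allow-list the characters of the stored name (length-bounded).
        if (!clientFileName.matches("[A-Za-z0-9._-]{1,255}")) {
            throw new IllegalArgumentException("file name contains disallowed characters");
        }

        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(datePrefix).resolve(clientFileName).normalize();

        // Defence in depth: even after filtering, verify the result is under the root.
        if (!target.startsWith(root)) {
            throw new IllegalArgumentException("resolved path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("/upload");
        // Constructed inputs: the traversal name from the report and a normal upload.
        String[] samples = { "../../ind.html", "photo.png" };
        for (String name : samples) {
            try {
                System.out.println(name + " -> stored at " + resolveUploadPath(root, "202/11", name));
            } catch (IllegalArgumentException e) {
                System.out.println(name + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Rejected uploads are worth logging with the submitted name, since a traversal attempt against this endpoint is a useful detection signal.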