This project has a file upload function. The code for it is located in com.liuyanzhao.sens.web.controller.admin#upload.
The upload method calls the uploadAttachment() method.
After auditing it, we find that the code does not restrict file ownership, so files uploaded by any user can be accessed without authorization.
The website provided by the project author is used to demonstrate the vulnerability.
User a uploads a file; the file path is “/upload/2022/11/test1.HTML”.
Now log in as another user and request the above path: this gives unauthorized access to any user's file.
Solution: add a filtering mechanism.
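As an added illustration of the missing ownership check and of the filtering the report asks for (example code, not the project's own; the Attachment record, the numeric user ids and the admin flag are assumptions), the reported path is checked with and without the requesting user being consulted:

```java
import java.util.HashMap;
import java.util.Map;

// Added example (not the project's code): keep the uploader's id with each stored
// attachment path so that reads can be authorized against the requesting user.
public class AttachmentAccessCheck {

    // Hypothetical record; the page does not show the project's attachment entity.
    public static final class Attachment {
        final String path;
        final long ownerUserId;
        Attachment(String path, long ownerUserId) {
            this.path = path;
            this.ownerUserId = ownerUserId;
        }
    }

    private final Map<String, Attachment> store = new HashMap<>();

    // Called from the upload handler after the file has been saved.
    public void recordUpload(long uploaderId, String storedPath) {
        store.put(storedPath, new Attachment(storedPath, uploaderId));
    }

    // The behaviour reported in the issue: the requester is never consulted,
    // so any logged-in user can read any stored path.
    public boolean canReadWithoutOwnershipCheck(long requesterId, String path) {
        return store.containsKey(path);
    }

    // Hardened check: deny unknown paths, then allow only the uploader or an admin.
    public boolean canRead(long requesterId, boolean requesterIsAdmin, String path) {
        Attachment a = store.get(path);
        if (a == null) {
            return false;
        }
        return requesterIsAdmin || a.ownerUserId == requesterId;
    }

    public static void main(String[] args) {
        AttachmentAccessCheck acl = new AttachmentAccessCheck();
        String path = "/upload/2022/11/test1.HTML";   // the path from the report
        acl.recordUpload(1L, path);                   // user a (id 1, constructed) uploads it
        System.out.println("owner:    " + acl.canRead(1L, false, path));
        System.out.println("other:    " + acl.canRead(2L, false, path));  // a second user (id 2)
        System.out.println("admin:    " + acl.canRead(3L, true, path));
        System.out.println("no check: " + acl.canReadWithoutOwnershipCheck(2L, path));
    }
}
```

In the real controller the check belongs in the handler that serves attachment paths, with the requester id taken from the authenticated session rather than from request parameters.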