After the administrator logs in and adds a new permitted file extension such as "aassp",
the administrator can upload a malicious file whose extension is "aassp".
After the file passes through the filtering rule, its extension is changed to "*.asp", and the file then runs as a webshell.
https://github.com/siteserver/cms/blob/dev/net452/SiteServer.CMS/Core/PathUtility.cs
The filtering rule:
retVal = StringUtils.ReplaceIgnoreCase(retVal, "as", string.Empty);
The rule is so simple that it only replaces "as".
And the suggestion is:
After the replacement, add a check to strengthen the filter:
if "as" is still in the file extension, then reject the upload.
POC:
A part of the response:
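The quoted rule and the suggested check side by side, as an added example that is not SiteServer's code. It assumes StringUtils.ReplaceIgnoreCase behaves like a single-pass, case-insensitive Regex.Replace; the permitted list and the set of executable extensions are constructed for the demonstration.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Added example, not the project's code. Shows why a single-pass removal of
// "as" is not idempotent and how the check suggested in the issue closes it.
static class ExtensionFilter
{
    // Constructed set of server-side executable extensions for the demo.
    static readonly string[] Executable = { "asp", "aspx" };

    // The quoted rule: one pass over the extension removing "as" (assumed to be
    // equivalent to StringUtils.ReplaceIgnoreCase). "aassp" -> "a" + "sp" = "asp".
    public static string FilterOnce(string ext) =>
        Regex.Replace(ext, "as", string.Empty, RegexOptions.IgnoreCase);

    // Hardened check along the lines the issue suggests: after filtering,
    // reject anything that still contains "as". Two extra guards: the filter
    // must not have changed the name (otherwise the admin never permitted the
    // name that is actually stored), and the result must be on the permitted list.
    public static bool IsAllowed(string ext, string[] permitted)
    {
        string filtered = FilterOnce(ext);
        if (filtered.IndexOf("as", StringComparison.OrdinalIgnoreCase) >= 0)
            return false;
        if (!string.Equals(filtered, ext, StringComparison.OrdinalIgnoreCase))
            return false;
        return permitted.Contains(filtered, StringComparer.OrdinalIgnoreCase);
    }

    static void Main()
    {
        // Constructed permitted list: the admin has added "aassp" as in the issue.
        string[] permitted = { "jpg", "png", "aassp" };
        foreach (var ext in new[] { "jpg", "aassp", "aASsp", "asp" })
        {
            string stored = FilterOnce(ext);
            bool exec = Executable.Contains(stored, StringComparer.OrdinalIgnoreCase);
            Console.WriteLine(
                $"{ext,-6} -> stored as .{stored,-5} executable={exec,-5} " +
                $"hardened check allows={IsAllowed(ext, permitted)}");
        }
    }
}
```

With the original rule, "aassp" and "aASsp" are both stored as ".asp"; the hardened check rejects them because "as" survives the replacement.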