Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unrestrict File Upload to RCE vulnerability Find in BearAdmin #16

Closed
SZFsir opened this issue Jun 10, 2021 · 2 comments
Closed

Unrestrict File Upload to RCE vulnerability Find in BearAdmin #16

SZFsir opened this issue Jun 10, 2021 · 2 comments

Comments

@SZFsir
Copy link

SZFsir commented Jun 10, 2021

In application/admin/controller/EditorController.php, it handles editor file upload through server function
图片
And then in extend/tools/UEditor.php function upFile,
图片
it does not check the extension of the file then save it to local storage.
so when upload a file/image/vedio,we can upload a PHP file to getshell.
图片

I test this vulnerability in your demo, and demonstrate it exist, please fix it as soon as possible.
图片

图片

@yupoxiong
Copy link
Owner

Thank you, I have dealt with this problem. Currently, login judgment restrictions have been set in the/application/admin/controller/EditorController.phpfile, and the file suffix verification function has been added to the /extend/tools/UEditor.phpfile.

@SZFsir
Copy link
Author

SZFsir commented Jul 9, 2021

OK, I would appreciate it if you could help me request a CVE ID for this vulnerability in github. So just create a security advisory, and then request a CVE ID

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants