| Title | Online computer and laptop stores have arbitrary file uploads where administrators upload avatars |
|---|---|
| Description | This project is named the Online Computer and Laptop Store. This web application was developed to provide an online platform for exploring and ordering products for potential customers in a computer store or business. However, there is a serious vulnerability. The store has an avatar function in the administrator's office, which does not verify file content or modify any file suffixes. You can upload any file and obtain server permissions for harmful operations such as command execution through this vulnerability! |
| Source | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Upload%20any%20file%20at%20the%20administrator%20profile%20upload%20location.pdf |
| User | boyi (UID 40109) |
| Submission | 07.04.2023 11:06 (3 years ago) |
| Moderation | 07.04.2023 18:40 (8 hours later) |
| Status | Accepted |
| VulDB Entry | 225319 [SourceCodester Online Computer and Laptop Store 1.0 Avatar /admin/?page=user privilege escalation] |
| Points | 20 |