| タイトル | newbee-mall V1.0 Unrestricted Upload |
|---|
| 説明 | There are arbitrary file uploads in the ltd/newbee/all/controller/common/uploadController. java file of the software newbee all. The code does not restrict the file upload suffix. Although the backend will verify whether it is an image, it can be bypassed by concatenating the content to be parsed after the binary data of the uploaded image, thus enabling arbitrary file upload. Although the uploaded file name becomes random, it will still return the uploaded file name, so it can be utilized. |
|---|
| ソース | ⚠️ https://github.com/yaklang/IRifyScanResult/blob/main/newbee-mall/arbitrary-file-upload-in-uploadController.md |
|---|
| ユーザー | 1098024193 (UID 45260) |
|---|
| 送信 | 2025年04月21日 05:51 (1 年 ago) |
|---|
| モデレーション | 2025年05月04日 09:05 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 307363 [newbee-mall 1.0 UploadController.java upload ファイル 特権昇格] |
|---|
| ポイント | 20 |
|---|