Submit #583427: chaitak-gorai blogbook latest version as of 2025/05/23 Unrestricted Upload

Title: chaitak-gorai blogbook latest version as of 2025/05/23 Unrestricted Upload
Description: The BlogBook application is vulnerable to unrestricted file upload in its post creation feature. The image parameter, intended for uploading post images, does not perform adequate validation or filtering on the type or extension of the uploaded file. An authenticated attacker with privileges to create posts (e.g., an administrator or author) can exploit this vulnerability by uploading a file with a malicious extension (e.g., .php, .phtml) containing server-side code. The uploaded malicious file is moved to a web-accessible directory (../images/) using its original filename. The attacker can then directly access this uploaded file via its URL, triggering the execution of the embedded server-side code. This leads to Remote Code Execution (RCE) on the server, granting the attacker full control over the web server process, and potentially the underlying system depending on server configuration and permissions. The vulnerability was confirmed by successfully uploading a PHP webshell via the "add post" functionality and subsequently connecting to it using AntSword, demonstrating arbitrary command execution capabilities.
Source: https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20posts.php%20add_post%20post_image%20Parameter%20Unrestricted%20Upload.md
User: bpy9ft (UID 85221)
Submission: 05/23/2025 05:18 (1 Year ago)
Moderation: 05/31/2025 18:13 (9 days later)
Status: Accepted
VulDB entry: 310746 [chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 posts.php?source=add_post image unrestricted upload]
Points: 20
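A hardened form of the post-image upload handler, added here as an illustration and not BlogBook's own code: it shows the pattern the description attributes to the original (moving the upload to ../images/ under its client-supplied name) as a comment, then applies the checks that close the issue. The function name, the allowlist and the destination directory are assumptions.

```php
<?php
// Added example, not BlogBook's own code. Hardened replacement for a handler
// that did the equivalent of
//   move_uploaded_file($_FILES['image']['tmp_name'], '../images/' . $_FILES['image']['name']);
// and so trusted the client-supplied name and extension, as the report describes.

// Allowlist of accepted extensions and the MIME type each must actually have.
const ALLOWED_IMAGES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Validate an uploaded post image and store it under a server-generated name.
// Returns the stored filename, or null if the upload is rejected.
function storePostImage(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Only accept a file that really arrived via this request's upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Extension must be on the allowlist; anything else (.php, .phtml, ...) is refused.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        return null;
    }
    // Check the real content type, so a .jpg whose bytes are not an image fails too.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    // Random server-side name: no path traversal, no double extensions, and the
    // extension is the allowlisted one rather than whatever the client sent.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    return $name;
}

// Usage from the add_post handler (destination directory is an assumption):
// $stored = storePostImage($_FILES['image'], __DIR__ . '/../images');
```

As defence in depth, the web server should also be configured so that nothing under the images directory is ever handed to the PHP interpreter, so even a file that slips past validation is served as static content rather than executed.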
