| Field | Value |
|---|---|
| Title | moxi159753 mogu_blog_v2 <=v5.2 Unrestricted Upload of File with Dangerous Type |
| Description | mogu_blog_v2, a microservice-based blog system, contains a critical unauthenticated arbitrary file upload vulnerability in the /file/pictures endpoint. The Spring Security configuration permits unauthenticated access to /file/** endpoints, and the uploadPics controller method does not perform authentication checks. When the source parameter is set to picture, the application accepts client-provided userUid, adminUid, projectName, and sortName values from request parameters without validation. The code only verifies that these fields are non-empty (not null); it does not authenticate users or validate the UIDs against the database. The FileUtils.isSafe() method permits dangerous file types including HTML, JavaScript, CSS, SQL, Java, and Vue files. Attackers can upload malicious HTML files containing JavaScript to conduct stored XSS attacks, phishing pages, malware distribution, and website defacement. Files are stored in predictable, publicly accessible directories and can be executed in victims' browsers. The complete absence of authentication combined with permissive file type validation allows attackers to host arbitrary malicious content on the legitimate domain without any credentials. |
| Source | https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-unrestricted_upload-1/report.md |
| User | sh7err04 (UID 92493) |
| Submission | 11/10/2025 14:33 |
| Moderation | 11/30/2025 20:51 (20 days later) |
| Status | Accepted |
| VulDB entry | 333824 [moxi159753 Mogu Blog v2 up to 5.2 /file/pictures filedatas unrestricted upload] |
| Points | 20 |