ZeroWdd MyBlog Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in ZeroWdd MyBlog version 1.0. The issue lies in the upload function of the file 'src/main/java/com/wdd/myblog/controller/admin/uploadController.java', which accepts uploaded files without restricting their type, so arbitrary files can be uploaded. The vulnerability can be exploited remotely.

Impact

Exploiting this vulnerability allows arbitrary file uploads, which could be used to place malicious files, such as web shells or other malware, on the server where they may be executed.

Reproduction

To reproduce this vulnerability, send a multipart/form-data POST request to '/admin/upload/file' without including any cookies. The request should contain a file named 'file' with a .jsp extension whose content is a payload such as a JSP Trojan horse. It can be sent from a browser or any tool that can simulate the necessary headers and file upload process.
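As an added defensive example (not code from MyBlog), the following hypothetical Spring MultipartFile helper shows the checks the upload function is missing: an extension allowlist, a magic-byte check against the declared type, and a server-generated filename. It assumes the endpoint is also placed behind the admin authentication that the cookie-less reproduction above implies is absent.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Set;
import java.util.UUID;
import org.springframework.web.multipart.MultipartFile;

// Hypothetical helper, not part of MyBlog: the controller calls store() instead of saving the upload as received.
public final class SafeUploadStore {
    // Allowlist of the image types the blog needs; .jsp and everything else is rejected by omission.
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif");
    private static final long MAX_BYTES = 5L << 20; // 5 MiB
    // Returns the lower-case extension when the upload passes every check, otherwise throws.
    public static String validate(MultipartFile file) throws IOException {
        if (file == null || file.isEmpty() || file.getSize() > MAX_BYTES)
            throw new IllegalArgumentException("empty or oversized upload");
        String name = file.getOriginalFilename();
        // Exactly one dot: rejects path separators and double extensions such as shell.jsp.png.
        if (name == null || name.contains("/") || name.contains("\\")
                || name.chars().filter(c -> c == '.').count() != 1)
            throw new IllegalArgumentException("bad filename");
        String ext = name.substring(name.lastIndexOf('.') + 1).toLowerCase();
        if (!ALLOWED_EXT.contains(ext))
            throw new IllegalArgumentException("extension not allowed: " + ext);
        // Trust the leading bytes of the content, not the client-supplied Content-Type or extension.
        byte[] head = new byte[4];
        try (InputStream in = file.getInputStream()) {
            if (in.readNBytes(head, 0, 4) < 4) throw new IllegalArgumentException("truncated file");
        }
        byte[] magic = switch (ext) {
            case "png" -> new byte[] {(byte) 0x89, 'P', 'N', 'G'};
            case "gif" -> new byte[] {'G', 'I', 'F', '8'};
            default -> new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF}; // jpg / jpeg
        };
        if (!Arrays.equals(Arrays.copyOf(head, magic.length), magic))
            throw new IllegalArgumentException("content does not match extension");
        return ext;
    }
    // Writes a validated upload under a random server-chosen name; the client never controls the path.
    public static Path store(MultipartFile file, Path uploadDir) throws IOException {
        Path target = uploadDir.resolve(UUID.randomUUID() + "." + validate(file));
        try (InputStream in = file.getInputStream()) {
            Files.copy(in, target);
        }
        return target;
    }
}
```

The upload directory should additionally be one the servlet container never interprets as JSP, so that even a bypass of these checks does not yield code execution.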

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.