SingMR HouseRent Unrestricted File Upload Vulnerability in AddHouseController

A critical vulnerability allowing arbitrary file uploads has been identified in SingMR HouseRent version 1.0. The issue arises in the 'singleUpload' function of the 'AddHouseController.java' file, where uploaded files are not properly restricted. This vulnerability can be exploited remotely, and the details of the exploit have been made public.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to various attacks depending on the uploaded file type and the application's file handling practices.

Reproduction

To reproduce this vulnerability, access the '/addHouse' endpoint without logging in. The application only performs front-end validation on the file name during the upload process. After bypassing this check, upload a file through the 'singleUpload' endpoint, ensuring to include a script payload in the file's content. Once the file is uploaded, it will be saved to the default path 'D:/file/', where it can be accessed or executed, depending on the file type.