JoeyBling Bootplus Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in JoeyBling Bootplus up to and including commit 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. The upload method in SysFileController.java does not validate the name or content of uploaded files, so an attacker can upload JSP and HTML files that the server or a victim's browser will later execute as script. The vulnerability can be exploited remotely by anyone who can reach the upload endpoint.

Impact

Exploitation lets an attacker store arbitrary files on the server. An uploaded .jsp file is compiled and executed by the servlet container if the upload directory is web-served, which amounts to remote code execution; an uploaded .html file containing a script tag is rendered in the application's origin when a user opens it, which amounts to stored cross-site scripting.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/file/upload' endpoint with a multipart/form-data body carrying a file named 'test.html' or 'test.jsp'. The request must include the 'X-Requested-With' header set to 'XMLHttpRequest' and a 'Content-Type' of 'multipart/form-data'. For 'test.html' the file body can contain a script tag with JavaScript, which runs in the browser if the stored file is served as HTML; for 'test.jsp' the body can contain JSP code, which runs on the server if the file is saved with the .jsp extension in a directory the container serves. A successful upload response alone does not prove execution: confirm by retrieving the stored file over HTTP and checking whether the JSP expression was evaluated or the HTML was rendered with a text/html content type.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 0.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.