Projectworlds Online Notes Sharing Platform Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in Projectworlds Online Notes Sharing Platform version 1.0. The issue resides in the file '/dashboard/userprofile.php', where the 'image' argument can be manipulated to bypass upload restrictions. This vulnerability can be exploited remotely and may lead to remote code execution.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to overwrite files, inject malicious files, traverse directories, or cause denial-of-service conditions. Because the affected endpoint is reachable remotely, this could result in remote code execution.

Reproduction

To reproduce this vulnerability, send a POST request to '/dashboard/userprofile.php' with the 'image' argument containing a file named '[000000000.php' (including the bracket) and an 'uploadphoto' argument. The uploaded file is processed by the application without proper validation, allowing for unrestricted file uploads.

Remediation

Validate file types with a whitelist of allowed extensions and verify MIME types; both the filename and the MIME type sent by the client are attacker-controlled, so the check must be performed server-side rather than trusted from the request. Check file content by examining file signatures to confirm the actual type and reject files containing malicious scripts. Sanitize filenames by generating random unique names and removing special characters, which also prevents path traversal. Restrict file sizes by setting server-side upload limits in configuration. Store files securely, preferably outside the web root; if they must be web-accessible, disable script execution in the upload directory.
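The following handler, added here as an example and not taken from Projectworlds' code, implements the remediation steps above for the 'image' / 'uploadphoto' form fields named in this advisory. The upload directory, the 2 MiB limit and the allowed image types are assumptions; the extension check runs against the client-supplied name only as a filter, and the name is then discarded in favour of a random server-chosen one, so a filename such as '[000000000.php' never reaches the disk. The client-supplied MIME type in $_FILES['image']['type'] is deliberately ignored in favour of signature detection with finfo.

```php
<?php
// Added example: a hardened profile-image upload handler written for this advisory.
// Not Projectworlds code. Field names 'image' and 'uploadphoto' come from the advisory;
// the storage path, size limit and allowed types are assumptions.

declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads/profile';   // assumed: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;              // assumed: 2 MiB server-side limit
// Allowed extension -> MIME type detected from the file's own bytes, never from the client.
const ALLOWED = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

/**
 * Validate one $_FILES entry and move it to UPLOAD_DIR under a random name.
 * Returns the stored filename, or throws RuntimeException with a reason safe to log.
 */
function store_profile_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a genuine uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file exceeds size limit');
    }

    // 1. Extension whitelist on the client-supplied name. The name is used only for this
    //    check and discarded afterwards, so special characters and traversal sequences
    //    in it never influence the path written to disk.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Content check: detect the MIME type from the file signature (magic bytes).
    //    $file['type'] is sent by the browser and is attacker-controlled, so it is ignored.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($file['tmp_name']);
    if ($detected !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $detected does not match extension .$ext");
    }

    // 3. For images, the decoder must also accept the file.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file is not a decodable image');
    }

    // 4. Random, unique, server-chosen filename; the only user influence is the vetted extension.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . DIRECTORY_SEPARATOR . $stored;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move file into place');
    }
    chmod($dest, 0644); // readable, never executable
    return $stored;
}

// Request handling mirrors the advisory's form: 'uploadphoto' submit field, 'image' file field.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['uploadphoto'], $_FILES['image'])) {
    try {
        $name = store_profile_image($_FILES['image']);
        // Persist $name against the logged-in user here and serve it through a read-only
        // handler (readfile() with the detected MIME type), not directly from UPLOAD_DIR.
        echo 'Profile image updated.';
    } catch (RuntimeException $e) {
        error_log('profile upload rejected: ' . $e->getMessage());
        http_response_code(400);
        echo 'Upload rejected.';
    }
}
```

Keeping UPLOAD_DIR outside the document root is what makes the random filename sufficient: even if a crafted file passed every check, the web server would never execute it. If the directory must be served directly, the same guarantee has to come from the web server configuration (for example, an Apache directive disabling the PHP handler in that directory, or an nginx location that only serves static files), and the file-size limit in the handler should match the upload_max_filesize and post_max_size values in php.ini so that oversized requests are rejected before reaching application code.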

Added: Nov 7, 2025, 5:20 PM
Updated: Nov 7, 2025, 8:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.