StudentManager Unrestricted File Upload Vulnerability Allowing Stored Cross-Site Scripting
Vulnerability
A critical vulnerability exists in StudentManager version 1.0, specifically within the Announcement Management section. The issue arises in the file '/upload/uploadArticle.do', where the 'File' argument can be manipulated to allow unrestricted file uploads. This vulnerability can be exploited remotely, and the uploaded files can contain malicious HTML, including JavaScript, which could be executed later.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, which can lead to stored cross-site scripting. Malicious scripts embedded in uploaded files may be executed in the context of the user.
Reproduction
To reproduce this vulnerability, log into the application as an admin user. Navigate to the Announcement Management section and use the 'uploadArticle.do' interface to upload a file. The upload request must be sent as a multipart/form-data POST request, including a file named '618.html' containing a script tag with JavaScript code, such as an alert. Once the file is uploaded, the injected script will be executed, demonstrating the cross-site scripting vulnerability.
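A server-side check that would refuse the upload described above, shown as an added example and not StudentManager's own code. The allowlist, function names and sample inputs are assumptions made for illustration.

```python
import os
import secrets

# Assumed allowlist of attachment types and their leading magic bytes.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

class UploadRejected(ValueError):
    """The upload failed validation and must not be stored."""

def safe_stored_name(client_filename: str, data: bytes) -> str:
    """Validate an upload; return the server-chosen name to store it under."""
    # The client controls the whole filename string: keep the last component only.
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not on the allowlist")
    # Renaming an HTML file is not enough: content must match the extension.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected(f"content is not a valid {ext} file")
    return secrets.token_hex(16) + ext  # never reuse the client's name

def download_headers(stored_name: str) -> dict:
    """Response headers that make a browser download the file, not render it."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
    }

def is_accepted(name: str, body: bytes) -> bool:
    try:
        safe_stored_name(name, body)
        return True
    except UploadRejected:
        return False

# Constructed sample uploads; the first mirrors the 618.html reproduction case.
SAMPLES = [
    ("618.html", b"<script>alert(1)</script>"),
    ("notice.pdf", b"<html><script>alert(1)</script></html>"),
    ("notice.pdf", b"%PDF-1.7\n%constructed body"),
]

if __name__ == "__main__":
    for n, b in SAMPLES:
        print(n, "accepted" if is_accepted(n, b) else "rejected")
```

A magic-byte prefix check does not prove a file is harmless, so the download headers matter as much as the validation: they keep the browser from rendering stored content as HTML.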
