My-Blog-layui Unrestricted File Upload Vulnerability in Admin Upload Function
Vulnerability
A critical arbitrary file upload vulnerability has been identified in My-Blog-layui version 1.0. The issue resides in the Upload function of the AdminController, specifically in the /admin/upload/authorImg/ interface. The interface imposes no restriction on the type of file that can be uploaded, so it accepts arbitrary files rather than only author images. The vulnerability can be exploited remotely, and the exploit has been publicly disclosed.
Impact
Exploitation of this vulnerability allows arbitrary file upload, which could lead to remote code execution if the application executes the uploaded file, for example a JSP file placed in a web-accessible directory.
Reproduction
To reproduce this vulnerability, send a POST request to the /admin/upload/authorImg/ endpoint. The request must include a file in the multipart/form-data format. The uploaded file can be a JSP file containing a payload, such as a command to execute an application like the calculator.
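The check the upload interface is missing, written here as an added example and not code from My-Blog-layui (the class, method name and the image allowlist are assumptions): it accepts only PNG, JPEG or GIF uploads, verified by both extension and leading bytes, and never reuses the client-supplied file name.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
// Hypothetical server-side check for /admin/upload/authorImg/ (added example, not the
// project's own code): allowlist image extensions, confirm the leading bytes match that
// image type, and store the file under a server-generated name.
public final class AuthorImageUploadCheck {
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif");
    // Leading bytes each accepted format must start with; the extension alone is not trusted.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png",  new byte[] {(byte) 0x89, 0x50, 0x4E, 0x47},            // \x89PNG
        "jpg",  new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif",  "GIF8".getBytes(StandardCharsets.US_ASCII));
    /** Returns the name to store the upload under, or throws if it is not an allowed image. */
    public static String safeStoredName(String originalFilename, byte[] content) {
        if (originalFilename == null || content == null) {
            throw new IllegalArgumentException("missing file name or content");
        }
        // Only the text after the last dot counts, so "x.jsp.png" is judged as "png"
        // and must still pass the magic-byte check below.
        int dot = originalFilename.lastIndexOf('.');
        if (dot < 0 || dot == originalFilename.length() - 1) {
            throw new IllegalArgumentException("file has no extension");
        }
        String ext = originalFilename.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        byte[] expected = MAGIC.get(ext);
        if (content.length < expected.length
                || !Arrays.equals(Arrays.copyOf(content, expected.length), expected)) {
            throw new IllegalArgumentException("content is not a " + ext + " image");
        }
        // The client-supplied name is discarded, so path separators or double extensions
        // in the request never reach the filesystem.
        return UUID.randomUUID() + "." + ext;
    }
    public static void main(String[] args) {
        // Constructed sample inputs: a PNG header, and JSP source sent with a .png name.
        byte[] png = {(byte) 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A};
        byte[] jsp = "<%@ page %>".getBytes(StandardCharsets.US_ASCII);
        System.out.println("stored as " + safeStoredName("avatar.png", png));
        try {
            safeStoredName("shell.png", jsp);   // extension passes, magic bytes do not
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

This validation should be combined with storing uploads in a directory the servlet container does not execute scripts from, since a content check alone does not make a web-accessible upload directory safe.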
