ashinigit XueShengZhuSu Path Traversal Vulnerability in Image File Upload Component

A critical path traversal vulnerability has been identified in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 versions prior to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. The issue arises in the Image File Upload component, specifically within the file upload processing. This vulnerability allows remote attackers to manipulate the uploaded file's path, potentially overwriting existing files or executing malicious scripts via stored cross-site scripting.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, overwriting of existing files, and the introduction of stored cross-site scripting payloads, which could be executed in the context of the user.

Reproduction

To reproduce this vulnerability, upload a JPEG image through the file upload feature. After the upload, intercept the request and change the file extension from JPG to HTML. This modification will bypass the file type restrictions and upload an HTML file instead, creating a stored cross-site scripting vulnerability. Additionally, the vulnerability can be exploited by adding directory traversal characters to the file name, allowing the uploaded file to overwrite existing files on the server.