Chaitak-Gorai Blogbook Unrestricted File Upload Vulnerability in Post Creation Feature
Vulnerability
A critical unrestricted file upload vulnerability has been identified in Chaitak-Gorai Blogbook versions prior to commit 92f5cf90f8a7e6566b576fe0952e14e1c6736513. The issue resides in the post creation functionality, specifically in the handling of the 'image' parameter of '/admin/posts.php?source=add_post'. It can be exploited remotely by authenticated users with privileges to create posts, such as administrators or authors. Because uploaded file types and extensions are not properly validated, files containing server-side code can be uploaded, leading to remote code execution on the server.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, with uploaded files being moved to a web-accessible directory. This could be used to upload malicious files, such as web shells, which could then be accessed and executed, potentially leading to full control over the web server and, depending on the server's configuration, the underlying system.
Reproduction
To reproduce this vulnerability, log into the Blogbook application as a user with post creation privileges. Navigate to the 'Add Post' section in the admin panel. In the post creation form, upload a file through the 'image' parameter. The uploaded file should be a PHP file containing malicious code, such as a web shell. Once the post is published, the uploaded file can be accessed via its URL, executing the embedded code and demonstrating the successful exploitation of the vulnerability.
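A server-side check that rejects the upload described above, as an added example; it is not Blogbook's code and not the fix in the referenced commit. The function name, the size limit and the `$uploadDir` argument are assumptions; only the 'image' field name comes from this advisory.

```php
<?php
// Added example: allowlist validation for the 'image' upload field.
// store_post_image() and $uploadDir are hypothetical names.

const MAX_IMAGE_BYTES = 2097152; // constructed limit: 2 MiB

function store_post_image(array $file, string $uploadDir): string
{
    // Content types accepted, mapped to the extension the server will assign.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    // Reject failed or array-style (multi-file) uploads first.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_IMAGE_BYTES) {
        throw new RuntimeException('File size out of range');
    }

    // Detect the type from the file contents, never from the
    // client-supplied filename or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? ($allowed[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed');
    }
    // The file must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }

    // Server-chosen name and extension: a client filename such as
    // "shell.php" never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $name; // store this value in the post record
}
```

The handler would call `store_post_image($_FILES['image'], $uploadDir)` and save the returned name with the post. Serving the upload directory with script execution disabled adds a second layer if a content check is ever bypassed.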
