Moss File Upload Vulnerability Allowing Arbitrary File Uploads

Vulnerability

A file upload vulnerability has been identified in Moss versions prior to 0.15. The issue allows attackers to upload files of any extension to any location on the target server. The vulnerability arises from the configuration of the 'upload' function, which does not validate the extension of an uploaded file or constrain its destination, enabling path traversal and arbitrary file uploads.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could lead to further attacks such as remote code execution, depending on the server's file handling and execution policies.

Reproduction

To reproduce this vulnerability, send a POST request to the '/admin/api/config/upload' or '/admin/api/upload' endpoint. Include a JSON payload that specifies the upload configuration, such as the 'domain' path, 'storage' driver, and the file to be uploaded. The uploaded file will be placed in the user's directory on the server.
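The two defects described above (no extension check, no containment of the destination path) are the ones a fixed upload handler has to close. The following Python function is an added example written for this page, not Moss project code; the extension allowlist, the base directory `/srv/moss/uploads` and the function names are assumptions. It shows the shape of the check a defender would want: an allowlist applied to every suffix (so a double extension such as `shell.php.txt` is rejected too), rejection of absolute paths, and a final resolve-and-contain check so that `../` sequences cannot place the file outside the upload directory.

```python
"""Hardened upload destination check: allowlisted extensions plus containment.

Added example for this advisory; assumes a single upload root per deployment.
"""
from pathlib import Path, PurePosixPath

# Assumed policy: extensions the service is willing to store. Anything that a
# web server might execute (.php, .jsp, .cgi, ...) is deliberately absent.
ALLOWED_EXTENSIONS = frozenset({".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt"})

# Assumed upload root; the path itself is a placeholder, not a Moss default.
UPLOAD_ROOT = "/srv/moss/uploads"


class UploadRejected(ValueError):
    """Raised when a requested upload name or destination fails validation."""


def validate_upload_destination(base_dir: str, requested_name: str) -> Path:
    """Return the absolute path the file may be written to, or raise UploadRejected.

    Checks, in order:
      1. the name is non-empty, has no NUL byte and is not an absolute path;
      2. every suffix is on the allowlist ('shell.php.txt' fails on '.php');
      3. the resolved destination is still inside base_dir (blocks '../').
    """
    base = Path(base_dir).resolve()
    if not requested_name or "\x00" in requested_name:
        raise UploadRejected("empty name or NUL byte in name")
    # Normalise backslashes so a Windows-style traversal is seen by the checks.
    rel = PurePosixPath(requested_name.replace("\\", "/"))
    if rel.is_absolute():
        raise UploadRejected("absolute paths are not accepted")
    suffixes = [s.lower() for s in rel.suffixes]
    if not suffixes or any(s not in ALLOWED_EXTENSIONS for s in suffixes):
        raise UploadRejected(f"extension(s) {suffixes} not allowed")
    # resolve() collapses '..' components (and symlinks for the parts that
    # exist), so the containment test is done on the real destination.
    dest = (base / rel).resolve()
    if base not in dest.parents:
        raise UploadRejected(f"{requested_name!r} escapes {base}")
    return dest


def upload_verdict(base_dir: str, requested_name: str) -> str:
    """Human-readable result for one candidate name: 'accepted' or the reason."""
    try:
        validate_upload_destination(base_dir, requested_name)
    except UploadRejected as exc:
        return f"rejected: {exc}"
    return "accepted"


if __name__ == "__main__":
    # Constructed sample names exercising each rule.
    for name in ["report.txt", "shell.php", "shell.php.txt", ".htaccess",
                 "../../etc/cron.d/job.txt", "..\\..\\job.txt", "/etc/job.txt",
                 "sub/dir/photo.jpg"]:
        print(f"{name!r:32} {upload_verdict(UPLOAD_ROOT, name)}")
```

Subdirectories under the upload root (`sub/dir/photo.jpg`) are still accepted by this check, because containment, not flatness, is the property being enforced; a deployment that wants a flat directory can additionally require `rel.parent == PurePosixPath(".")`. The suffix rule is intentionally strict and will also reject legitimate multi-dot names such as `archive.tar.gz` unless both suffixes are allowlisted.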

Added: Aug 21, 2025, 3:20 PM
Updated: Aug 21, 2025, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  6.6
remediation     0.0
relevance       0.4
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.