Code-Projects Library System Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Code-Projects Library System version 1.0. This issue resides in the '/add-book.php' file, where the 'image' parameter can be manipulated to bypass file type and content validation. As a result, attackers can upload malicious PHP scripts, such as AntSword webshells, which can be used to gain full control over the target system. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to upload malicious scripts that are executed on the server. This could lead to a complete compromise of the web server, allowing an attacker to execute commands, access sensitive data, and potentially move laterally within a network.

Reproduction

To reproduce this vulnerability, send a POST request to '/librarian/add-book.php' with the 'image' parameter containing a PHP file disguised as an image. The uploaded file will be stored in a web-accessible directory, where it can be executed as a script.

Remediation

It is recommended to implement strict file upload validations, such as whitelisting allowed file types and verifying MIME types and content before processing uploads. Additionally, uploaded files should be stored in non-web-accessible directories and with execution permissions disabled.