Code-Projects Online Note Sharing Unrestricted File Upload Vulnerability

A critical vulnerability allowing arbitrary file uploads has been identified in Code-Projects Online Note Sharing version 1.0. The issue arises in the Profile Image Handler component, specifically within the userprofile.php file. Due to inadequate validation of uploaded files, attackers can upload malicious files, such as PHP shells, which are then stored in publicly accessible directories. This vulnerability can be exploited remotely, potentially leading to full server compromise, data theft or manipulation, unauthorized access to sensitive information, and disruption of services.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to upload malicious scripts that are executed on the server. This could result in a complete compromise of the server, theft or manipulation of data, unauthorized access to sensitive information, and disruption of services.

Reproduction

To reproduce this vulnerability, upload a file through the profile picture upload function in userprofile.php. Intercept the upload request with a tool like Burp Suite, and modify the request to bypass file type checks, such as renaming a PHP shell payload to a JPEG file. After uploading, access the file via its public URL and execute the uploaded PHP code on the server.