JoeyBling SpringBoot_MyBatisPlus Unrestricted File Upload Vulnerability in SysFileController
Vulnerability
A critical unrestricted file upload vulnerability has been identified in JoeyBling SpringBoot_MyBatisPlus in versions up to commit a6a825513bd688f717dbae3a196bc9c9622fea26. The issue resides in the file upload function of SysFileController. The handler does not validate the portraitFile argument, so an attacker can upload files of arbitrary type and content. The flaw is remotely exploitable, and exploit details have been published.
Impact
Exploitation allows unrestricted file uploads, which can lead to execution of attacker-supplied files on the server. In this case it has been demonstrated that an uploaded file can be used to execute system commands such as 'whoami', so the issue amounts to remote command execution.
Reproduction
To reproduce this vulnerability, upload a file through the '/file/upload' endpoint of SysFileController. Because the upload is unrestricted, a FreeMarker template file is accepted; once stored, it can be rendered by the application's FreeMarker template engine and used to execute system commands.
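The advisory's root cause is that the upload handler trusts the client-supplied file entirely. As an added example for this advisory (not code from the SpringBoot_MyBatisPlus project), the following Spring MultipartFile validator shows the controls a hardened portrait upload would apply: an extension allowlist that excludes template and script types, a magic-byte check so a template renamed to .png is still rejected, a server-generated file name, and a storage directory that is kept outside the web root and the template path. The class name, storage directory, and 2 MiB size cap are assumptions made for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;
import org.springframework.web.multipart.MultipartFile;

/**
 * Hypothetical upload validator written for this advisory; it is not part of
 * SpringBoot_MyBatisPlus. It applies the checks the reported handler lacks:
 *  - extension allowlist instead of trusting the client-supplied name;
 *  - magic-byte check so a renamed template or script is rejected;
 *  - server-generated file name so the stored path is never attacker-chosen;
 *  - storage directory outside any template or web-served location.
 */
public final class SafePortraitUpload {

    // A portrait upload only needs raster image types; .ftl, .jsp, .html etc. are never accepted.
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif");
    private static final long MAX_BYTES = 2L * 1024 * 1024; // 2 MiB cap (assumed policy)

    // Directory outside the web root and outside FreeMarker's template path (assumed location).
    private final Path storageDir;

    public SafePortraitUpload(Path storageDir) {
        this.storageDir = storageDir.toAbsolutePath().normalize();
    }

    /** Returns the server-chosen file name on success; throws on any policy violation. */
    public String store(MultipartFile portraitFile) throws IOException {
        if (portraitFile == null || portraitFile.isEmpty()) {
            throw new IllegalArgumentException("empty upload");
        }
        if (portraitFile.getSize() > MAX_BYTES) {
            throw new IllegalArgumentException("upload exceeds size limit");
        }

        // Decide on the last extension only, so "a.png.ftl" is judged as "ftl" and rejected.
        String ext = extensionOf(portraitFile.getOriginalFilename());
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("file type not allowed: " + ext);
        }

        // "a.ftl.png" passes the extension check but fails here unless it really is an image.
        byte[] head;
        try (InputStream in = portraitFile.getInputStream()) {
            head = in.readNBytes(8);
        }
        if (!looksLikeImage(head)) {
            throw new IllegalArgumentException("content does not match an image signature");
        }

        // Name chosen by the server; the client-supplied name never reaches the filesystem.
        String stored = UUID.randomUUID() + "." + ext;
        Path target = storageDir.resolve(stored).normalize();
        if (!target.startsWith(storageDir)) {
            throw new IllegalArgumentException("path escapes storage directory");
        }
        Files.createDirectories(storageDir);
        try (InputStream in = portraitFile.getInputStream()) {
            Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
        }
        return stored;
    }

    static String extensionOf(String name) {
        if (name == null) return "";
        // Strip any directory components the client may have sent.
        String base = name.substring(Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\')) + 1);
        int dot = base.lastIndexOf('.');
        if (dot < 0 || dot == base.length() - 1) return "";
        return base.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    // Checks the PNG, JPEG and GIF89a/GIF87a signatures on the first bytes of the stream.
    static boolean looksLikeImage(byte[] h) {
        if (h.length < 4) return false;
        boolean png = h.length >= 8 && (h[0] & 0xFF) == 0x89 && h[1] == 'P' && h[2] == 'N' && h[3] == 'G';
        boolean jpeg = (h[0] & 0xFF) == 0xFF && (h[1] & 0xFF) == 0xD8 && (h[2] & 0xFF) == 0xFF;
        boolean gif = h[0] == 'G' && h[1] == 'I' && h[2] == 'F' && h[3] == '8';
        return png || jpeg || gif;
    }
}
```

A controller would call `store(portraitFile)` in place of writing the upload directly and return only the server-generated name to the client. The two checks that matter most for the reported issue are the extension allowlist (which keeps template files out of any directory the FreeMarker engine can load from) and the random stored name (which removes the attacker's ability to predict or choose the path of the uploaded file).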