Harry0703 MoneyPrinterTurbo Unrestricted File Upload Vulnerability
Vulnerability
A critical vulnerability has been identified in Harry0703 MoneyPrinterTurbo versions up to and including 1.2.6. The issue resides in the 'upload_bgm_file' function within 'app/controllers/v1/video.py', part of the File Extension Handler component. This vulnerability allows for unrestricted file uploads by manipulating the 'File' argument: the function only checks that the filename ends in '.mp3' and does not verify the actual file content. Additionally, there is no file size limit, which could lead to resource exhaustion. Uploaded files are stored under their original, client-supplied names and can therefore overwrite important system files.
Impact
Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious files that are processed by the application. The lack of file size restrictions could also lead to denial of service by exhausting storage resources.
Reproduction
To reproduce this vulnerability, upload a file through the 'upload_bgm_file' function in 'app/controllers/v1/video.py'. The file must have an '.mp3' extension, but its actual content type is not checked. There is no restriction on file size, which could be exploited to fill up storage space. The uploaded file is saved under its original filename, potentially overwriting critical system files.
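Remediation for the three weaknesses described above (extension-only check, no size limit, client-controlled filename on disk), as an added example that is not code from the MoneyPrinterTurbo project. The function names, the 20 MB cap and the rejection of any frame-sync or ID3 mismatch are assumptions made for this illustration; the project's real handler signature is not reproduced here.

```python
import io
import os
import re
import secrets
from pathlib import Path

# Assumed cap for a background-music track; not a value taken from the project.
MAX_BGM_BYTES = 20 * 1024 * 1024


class UploadRejected(ValueError):
    """Raised for any upload that fails validation."""


def looks_like_mp3(data: bytes) -> bool:
    """Content check independent of the filename: an MP3 begins with an
    ID3v2 tag or with an MPEG audio frame sync (11 set bits followed by a
    non-reserved version and layer field)."""
    if len(data) < 4:
        return False
    if data[:3] == b"ID3":
        return True
    b0, b1 = data[0], data[1]
    if b0 == 0xFF and (b1 & 0xE0) == 0xE0:
        version = (b1 >> 3) & 0x03  # 0b01 is reserved
        layer = (b1 >> 1) & 0x03    # 0b00 is reserved
        return version != 1 and layer != 0
    return False


def read_bounded(stream, max_bytes: int = MAX_BGM_BYTES, chunk: int = 64 * 1024) -> bytes:
    """Read an upload in chunks and abort as soon as it exceeds the cap,
    so an oversized body is never fully buffered or written to disk."""
    buf = bytearray()
    while True:
        piece = stream.read(chunk)
        if not piece:
            return bytes(buf)
        buf.extend(piece)
        if len(buf) > max_bytes:
            raise UploadRejected(f"upload exceeds {max_bytes} bytes")


def safe_storage_name(original: str) -> str:
    """Never reuse the client-supplied name on disk. Keep a sanitized stem
    for readability, drop any directory components (both slash styles),
    and prefix a random token so uploads cannot collide with or overwrite
    an existing file."""
    stem = re.split(r"[\\/]", original)[-1]
    if stem.lower().endswith(".mp3"):
        stem = stem[:-4]
    stem = re.sub(r"[^A-Za-z0-9._-]", "_", stem).lstrip(".")[:64] or "bgm"
    return f"{secrets.token_hex(8)}_{stem}.mp3"


def validate_bgm_upload(original_name: str, data: bytes, max_bytes: int = MAX_BGM_BYTES) -> str:
    """Apply all three checks and return the name to store the file under."""
    if not original_name.lower().endswith(".mp3"):
        raise UploadRejected("only .mp3 uploads are accepted")
    if len(data) > max_bytes:
        raise UploadRejected(f"upload exceeds {max_bytes} bytes")
    if not looks_like_mp3(data):
        raise UploadRejected("file content is not MPEG audio")
    return safe_storage_name(original_name)


def save_bgm_upload(original_name: str, data: bytes, dest_dir: str) -> str:
    """Validate, then write with O_EXCL so an existing file is never
    overwritten, and confirm the final path stays inside dest_dir."""
    name = validate_bgm_upload(original_name, data)
    dest = Path(dest_dir).resolve()
    target = (dest / name).resolve()
    if target.parent != dest:
        raise UploadRejected("storage path escaped the upload directory")
    fd = os.open(str(target), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return str(target)


if __name__ == "__main__":
    # Constructed sample: a minimal ID3-tagged payload, not a real track.
    sample = b"ID3\x04\x00" + b"\x00" * 64
    body = read_bounded(io.BytesIO(sample))
    print(save_bgm_upload("../../etc/passwd.mp3", body, "."))
```

In a real handler the bytes would come from the framework's upload stream; the point of read_bounded is that the cap is enforced while reading, not after the whole body has already been buffered. The magic-byte check is deliberately cheap and only rejects obviously non-audio content; a stricter deployment could additionally decode the file with an audio library before accepting it.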
