Exrick Xboot Unrestricted File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A critical vulnerability exists in Exrick Xboot versions through 3.3.4, specifically in the Upload function of the UploadController.java file. Manipulating the File argument allows unrestricted file uploads, so an attacker can store files with arbitrary extensions on the server. Such files can be used for stored Cross-Site Scripting (XSS) attacks or even Remote Code Execution (RCE).

Impact

Exploitation of this vulnerability leads to unrestricted file uploads, which can be used to execute stored XSS attacks or potentially RCE attacks, depending on the nature of the uploaded file.

Reproduction

To reproduce this vulnerability, send a POST request to the '/xboot/upload/file' endpoint with a file that has a dangerous extension. The request must include an 'accessToken' in the headers and can be made with a web browser or a tool like Postman. Once the file is uploaded, the vulnerability can be confirmed by checking whether the uploaded file is processed in a way that executes any embedded scripts, such as JavaScript.
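The root cause is that the upload handler accepts whatever filename and extension the client supplies. As an added illustration (not Xboot's own code, and not a patch for it), the following validator shows the allowlist-based check that closes this class of bug; the class name, the extension list and the size limit are assumptions.

```java
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

/** Hypothetical upload validator; illustrative only, not code from the Xboot project. */
public final class UploadValidator {
    // Allowlist: only extensions the application genuinely needs; never a denylist of "bad" ones
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif", "pdf");
    // Assumed upper bound on accepted file size (10 MiB)
    private static final long MAX_BYTES = 10L * 1024 * 1024;

    public static final class RejectedUploadException extends RuntimeException {
        public RejectedUploadException(String msg) { super(msg); }
    }

    /**
     * Validates a client-supplied filename and size; returns a server-generated
     * storage name with an allowlisted extension, or throws RejectedUploadException.
     */
    public static String validate(String originalName, long size) {
        if (originalName == null || originalName.isEmpty()) {
            throw new RejectedUploadException("empty filename");
        }
        if (size <= 0 || size > MAX_BYTES) {
            throw new RejectedUploadException("file size out of range: " + size);
        }
        // Reject NUL bytes, which some stacks use to truncate the name after the check
        if (originalName.indexOf('\0') >= 0) {
            throw new RejectedUploadException("illegal character in filename");
        }
        // Strip any client-supplied directory part so the name cannot escape the upload folder
        String base = originalName.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);
        // The extension is the part after the LAST dot, so "shell.png.jsp" yields "jsp" and is rejected
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) {
            throw new RejectedUploadException("filename has no extension");
        }
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new RejectedUploadException("extension not allowed: " + ext);
        }
        // Never reuse the client's name on disk: random name plus the allowlisted extension
        return UUID.randomUUID() + "." + ext;
    }
}
```

Extension checks alone do not stop stored XSS through files that browsers will render inline, so uploads should additionally be served from a separate origin or with Content-Disposition: attachment and X-Content-Type-Options: nosniff.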

Added: Aug 4, 2025, 9:18 PM
Updated: Aug 4, 2025, 9:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.