Bolo-Blog Bolo-Solo Arbitrary File Write Vulnerability

Vulnerability

An arbitrary file write vulnerability has been identified in Bolo-Blog Bolo-Solo versions through 2.6.4. The issue arises in the 'importFromCnblogs' function within 'BackupService.java', where user-supplied filenames are not properly validated. This lack of security validation allows for directory traversal attacks, enabling attackers to write files to arbitrary locations on the server. Exploitation of this vulnerability could lead to overwriting or creating files that are accessible via the web, potentially including scripts that could be executed remotely.

Impact

Exploitation of this vulnerability allows for arbitrary file writing, which could be used to overwrite existing files or create new files in accessible locations on the server. This could lead to remote code execution if, for example, a web-executable script is uploaded.

Reproduction

To reproduce this vulnerability, send a POST request to the '/import/cnblogs' endpoint with a crafted filename that includes directory traversal sequences (such as '../') to manipulate the file path. The request should include a file payload, which is written to the server under the supplied filename; because the filename is never validated, the traversal sequences are honored as-is.
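As an added illustration (not Bolo-Solo's own code; the class, method and directory names are assumed), the unsafe path construction the advisory describes is shown next to a hardened version that discards directory components and confirms the resolved path still lies inside the import directory:

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ImportFilenameCheck {

    // Directory that imported cnblogs backups are allowed to land in
    // (assumed value, not taken from Bolo-Solo).
    private static final Path IMPORT_DIR =
            Paths.get("/var/lib/bolo/import").toAbsolutePath().normalize();

    // Vulnerable pattern described in the advisory: the user-supplied filename is
    // joined onto the import directory without validation, so "../" segments
    // move the write outside IMPORT_DIR.
    static Path unsafeTarget(String userFilename) {
        return IMPORT_DIR.resolve(userFilename);
    }

    // Hardened version: keep only the last path segment, reject empty or special
    // names, then verify the normalized result is still under IMPORT_DIR.
    static Path safeTarget(String userFilename) {
        if (userFilename == null || userFilename.isEmpty()) {
            throw new IllegalArgumentException("empty filename");
        }
        // Strip any directory component regardless of separator style.
        String name = userFilename.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..") || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid filename: " + userFilename);
        }
        Path target;
        try {
            target = IMPORT_DIR.resolve(name).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("invalid filename: " + userFilename, e);
        }
        // Defense in depth: the resolved path must remain inside the import directory.
        if (!target.startsWith(IMPORT_DIR)) {
            throw new IllegalArgumentException("path escapes import directory");
        }
        return target;
    }

    public static void main(String[] args) {
        String crafted = "../../outside.txt";   // constructed sample input
        System.out.println("unsafe: " + unsafeTarget(crafted).normalize());
        System.out.println("safe:   " + safeTarget(crafted));
    }
}
```

Running the class prints the unsafe target resolving to a location outside the import directory, while the hardened method keeps the write confined to IMPORT_DIR.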

Added: Feb 3, 2026, 11:23 PM
Updated: Feb 3, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm

  spread          2.2
  impact          0.8
  exploitability  9.7
  remediation     0.0
  relevance       2.6
  threat          6.4
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.