ShuoRen Smart Heating Integrated Management Platform Unrestricted File Upload Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in ShuoRen Smart Heating Integrated Management Platform version 1.0.0. The issue arises in the file '/MP/Service/Webservice/ExampleNodeService.asmx', where manipulation of the 'File' argument enables unauthorized file uploads. This vulnerability can be exploited remotely without authentication. Once a file is uploaded, it can be accessed and downloaded, as the upload path is disclosed and the uploaded files are publicly accessible.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could lead to the execution of malicious files or scripts within the application's environment. Additionally, uploaded files can be downloaded, potentially exposing sensitive information or furthering exploitation.

Reproduction

To reproduce this vulnerability, send a POST request to '/MP/Service/Webservice/ExampleNodeService.asmx/UpFileToExample' with the 'file' parameter containing the file to be uploaded. The response will indicate a successful upload. After uploading, the file can be accessed by sending a request to '/MP/Service/Webservice/ExampleNodeService.asmx/GetExampleNodeStr', which will return the path of the uploaded file. The file can then be downloaded from the disclosed path.