jfinal_cms

Arbitrary file upload vulnerability

Open SummerSec opened this issue 5 years ago • 2 comments

Admin login required.

Under the template interface in the administrator interface, upload a normal file 1.txt, intercept the request with Burp, and modify the file name to 1.jsp or any other suffix. This works not only with the JSP suffix but also with EXE, C, PY, and more!


SummerSec, Apr 06 '20 09:04

Modify the add method of FileManager; you can refer to this:

    if (getConfig("upload-size") != null) {
        // Configured limit in megabytes; 0 means no limit.
        maxSize = Integer.parseInt(getConfig("upload-size"));
        // Multiply as long so a large limit cannot overflow int.
        if (maxSize != 0 && item.getSize() > (maxSize * 1024L * 1024L)) {
            this.error(sprintf(lang("UPLOAD_FILES_SMALLER_THAN"), maxSize + "Mb"));
            error = true;
        }
    }

zcool321, Apr 07 '20 02:04

Isn't that how it is by default?

SummerSec, Apr 07 '20 03:04
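
A server-side file-name check for the upload described in this issue, as an added example that is not jfinal_cms code and not part of the thread: the snippet posted above limits only the size, so this example also enforces an extension allowlist on the name received in the request. The class and method names, the allowlist and the upload directory are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

public class UploadNameCheck {
    // Assumed allowlist (not from the project): static asset types only.
    private static final Set<String> ALLOWED = Set.of("txt", "css", "png", "jpg", "gif");

    // Returns the path to write to, or throws if the upload must be refused.
    static Path resolveUpload(Path baseDir, String clientName, long size, int maxSizeMb) {
        // Size limit as in the snippet above; long arithmetic avoids int overflow.
        if (maxSizeMb != 0 && size > maxSizeMb * 1024L * 1024L) {
            throw new IllegalArgumentException("file too large");
        }
        if (clientName == null || clientName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("bad file name");
        }
        // The name arrives in the request body, so the server must re-check it:
        // keep the last path component only, then test the final extension.
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String name = clientName.substring(cut + 1);
        int dot = name.lastIndexOf('.');
        if (dot <= 0 || dot == name.length() - 1) {
            throw new IllegalArgumentException("missing extension");
        }
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        // Defence in depth: the resolved target must stay inside the upload directory.
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("uploads"); // hypothetical upload directory
        // Constructed sample names, including the renamed file from the report.
        for (String n : new String[] {"1.txt", "1.jsp", "1.JSP", "../1.txt", "1.exe", "noext"}) {
            try {
                System.out.println(n + " -> " + resolveUpload(dir, n, 10, 2));
            } catch (IllegalArgumentException e) {
                System.out.println(n + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```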