Headline
CVE-2021-42967: There is unrestricted file upload in your source code. · Issue #62 · 201206030/novel-plus
Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.
File path: /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java
Code:
It allows unrestricted file upload.
@ResponseBody
@PostMapping("/upload")
R upload(@RequestParam("file") MultipartFile file, HttpServletRequest request) {
if ("test".equals(getUsername())) {
return R.error(1, "演示系统不允许修改,完整体验请部署程序");
}
Date date = new Date();
String year = DateUtils.format(date,DateUtils.YEAR_PATTERN);
String month = DateUtils.format(date,DateUtils.MONTH_PATTERN);
String day = DateUtils.format(date,DateUtils.DAY_PATTERN);
String fileName = file.getOriginalFilename();
String fileDir = year+"/"+month+"/"+day + "/";
fileName = FileUtil.renameToUUID(fileName);
FileDO sysFile = new FileDO(FileType.fileType(fileName), "/files/" + fileDir + fileName, date);
try {
FileUtil.uploadFile(file.getBytes(), jnConfig.getUploadPath()+fileDir, fileName);
} catch (Exception e) {
return R.error();
}
if (sysFileService.save(sysFile) > 0) {
return R.ok().put("fileName",sysFile.getUrl());
}
return R.error();
}
Achieve the purpose of attacking the server by uploading evil jsp files.
Example: