SUKOHI / Surpass

A PHP package, developed mainly for Laravel, for managing image uploads via Ajax and displaying thumbnails.

Vulnerability on image uploads #5

Closed coxw closed 9 years ago

coxw commented 9 years ago

https://github.com/SUKOHI/Surpass/blob/master/src/views/js.blade.php#L181

The folder name of the destination for files can be set in the DOM, and leaves a vulnerability on the site for users uploading images and setting whatever directory they want, and potentially overriding other images. The specific issue relates to where it outputs:

```js
TUName.formData = {"surpass_hidden_dir":"name","surpass_keys":"{\"input\":\"image_upload\",\"preview\":\"preview_images\"}"};
```

SUKOHI commented 9 years ago

Hi, coxw. I fixed the vulnerability you noticed by checking whether a specific directory exists and checking that the directory is writable. (So we must create the directories we want to save images in beforehand now.) I wonder whether this has completely fixed the vulnerability?

If you have any ideas, could you let me know? Thank you in advance. :)
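The following is an added illustration of the two points raised in this thread; it is not Surpass's own code and does not reproduce the project's upload handler. It shows the pattern coxw describes (a directory name taken straight from the client-supplied form field) next to a hardened resolver that treats the client value only as a key into a server-side allow-list, applies the "exists and is writable" check SUKOHI mentions, and additionally confirms the canonical path stays under the upload base. The function names, the allow-list, the temporary base directory and the fresh-name scheme are all assumptions made for the example.

```php
<?php
// Added example, not Surpass's own code. Function names, the allow-list and the
// temporary directory used for the demonstration are hypothetical.
declare(strict_types=1);

/**
 * Pattern described in the issue: the destination directory is taken straight
 * from the browser-supplied form field, so the client chooses the path and may
 * land uploads on top of existing images.
 */
function uploadDirFromClientUnchecked(string $baseDir, string $clientDir): string
{
    return rtrim($baseDir, '/') . '/' . $clientDir;   // client controls the path
}

/**
 * Hardened resolver. The client value is only a key into $allowedDirs; the
 * directory must already exist and be writable, and its canonical path must sit
 * under the canonical $baseDir. Returns the absolute path or null when rejected.
 */
function uploadDirFromClientChecked(string $baseDir, string $clientDir, array $allowedDirs): ?string
{
    // 1. Accept plain directory names only: no separators, no "..", no nulls.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $clientDir)) {
        return null;
    }
    // 2. The name must be one the application itself declared.
    if (!in_array($clientDir, $allowedDirs, true)) {
        return null;
    }
    // 3. Directory must exist in advance and be writable (the fix described above).
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $clientDir);
    if ($base === false || $target === false || !is_dir($target) || !is_writable($target)) {
        return null;
    }
    // 4. Canonical target must lie strictly inside the canonical base.
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

/**
 * Do not reuse the uploaded file's name either: a random server-chosen name
 * keeps one upload from overwriting another user's image.
 */
function freshImageName(string $originalName): string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        $ext = 'bin';
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Demonstration against a throwaway base directory (constructed for the example).
$base = sys_get_temp_dir() . '/surpass_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/profile', 0700, true);      // the only directory the app allows
$allowed = ['profile'];

var_dump(uploadDirFromClientChecked($base, 'profile', $allowed));    // allow-listed, existing, writable
var_dump(uploadDirFromClientChecked($base, '../../etc', $allowed));  // fails the character check
var_dump(uploadDirFromClientChecked($base, 'other', $allowed));      // not in the allow-list
var_dump(uploadDirFromClientUnchecked($base, '../../etc'));          // the trusting pattern resolves it anyway
echo freshImageName('avatar.PNG'), PHP_EOL;

rmdir($base . '/profile');
rmdir($base);
```

Checking that a directory exists and is writable stops uploads into arbitrary new locations, but on its own it still lets the client pick any existing writable directory; keying the choice off a server-side allow-list and verifying containment with `realpath` closes that gap, and a server-generated file name removes the overwrite concern independently of which directory is chosen.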