Describe the bug
A html file can be uploaded with .html.aaa or .htm.aaa file extensions. When the file is opened, it executes the Javascript code inside it. On the other hand, file uploading with the .html. and .htm. file extensions are enough to execute Javascript for Linux servers. The WinRemoveTailDots plugin prevents uploading these file extensions using rtrim function for Windows server.
To Reproduce
Select arbitrary png file to upload.
Capture request with Burp and set content as test<img/src/onerror=alert(document.cookie)>
Set filename like test.html.aaa or test.htm.aaa
After forwarding the request, the file is successfully uploaded under the files directory.
@passtheticket Thank you for your report. I think this problem is caused by the fact that MIME detection of multiple extensions is not supported. I will fix this.
Describe the bug A html file can be uploaded with
.html.aaa
or.htm.aaa
file extensions. When the file is opened, it executes the Javascript code inside it. On the other hand, file uploading with the.html.
and.htm.
file extensions are enough to execute Javascript for Linux servers. TheWinRemoveTailDots
plugin prevents uploading these file extensions usingrtrim
function for Windows server.To Reproduce
test<img/src/onerror=alert(document.cookie)>
test.html.aaa
ortest.htm.aaa
Screenshots
![8](https://github.com/Studio-42/elFinder/assets/76125965/b6ae9d3d-7b45-4486-894d-6b2e39fc5455)
Tested on: