I. Source code analysis
/src/main/java/com/geekcattle/controller/console/UeditorController.java
File upload. When a file extension exception is detected, there is no exit or return.
II. Vulnerability testing
Ueditor editor, upload pictures.
The front end validates the file extension, so you need to upload a normal image file.
After using BurpSuite to intercept, modify the upload file name and content.
Geek-framework is a Java development framework; the ueditor plug-in here is incomplete, but the back door is uploaded.
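The missing-return pattern described in the source code analysis, shown next to a corrected form, as an added Java example. This is not the code from UeditorController.java: the class, method and file names are hypothetical, and the sample upload is constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

// Added illustration; all names here are hypothetical, not the project's own.
public class UploadCheckDemo {
    private static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "png", "gif");

    static String extensionOf(String name) {
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    // Flawed pattern: the bad extension is detected and recorded, but with no
    // return the method falls through and writes the file anyway.
    static String flawedSave(Path dir, String name, byte[] body) throws IOException {
        String status = "SUCCESS";
        if (!ALLOWED.contains(extensionOf(name))) {
            status = "extension not allowed"; // missing: return
        }
        Files.write(dir.resolve(name), body);
        return status;
    }

    // Corrected: reject before touching disk, and store under a server-generated
    // name so the client-supplied name never becomes part of the path.
    static String hardenedSave(Path dir, String name, byte[] body) throws IOException {
        String ext = extensionOf(name);
        if (!ALLOWED.contains(ext)) {
            return "extension not allowed";
        }
        Files.write(dir.resolve(UUID.randomUUID() + "." + ext), body);
        return "SUCCESS";
    }

    public static void main(String[] args) throws IOException {
        byte[] body = "constructed sample content".getBytes(StandardCharsets.UTF_8);
        Path a = Files.createTempDirectory("flawed");
        Path b = Files.createTempDirectory("hardened");
        String r1 = flawedSave(a, "note.txt", body);   // constructed non-image name
        String r2 = hardenedSave(b, "note.txt", body);
        System.out.println(r1 + " / written=" + Files.exists(a.resolve("note.txt")));
        System.out.println(r2 + " / files=" + b.toFile().list().length);
    }
}
```

Because the front-end extension check can be bypassed by editing the intercepted request, the server-side check with an early return is the one that has to hold.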