Geeks
TDuckCloud
/
tduck-platform
Readme
Issues
Stargazers
Watchers
XSS vulnerability caused by file upload(tduck-platform4.0)
Opened this issue
a year ago
·
2
comments
libaibaia
commented
a year ago
upload code:
https://github.com/TDuckCloud/tduck-platform/blob/master/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UploadFileController.java
Create a test form system
After creating the form system, upload the HTML file, you can see that the request does not contain authentication information
Background preview data execution script
0yingteam
commented
a year ago
这么快的么?我两周前也审计到了这个
0yingteam
commented
a year ago
从审计角度还有一个默认账号的高危漏洞
