lsgwr/spring-boot-online-exam

Insecure File Upload Vulnerability

Xiqinger opened this issue · 1 comments

1. Path Traversal

The current implementation of the file upload functionality lacks proper filtering and validation of the uploaded file names. This allows attackers to upload files with malicious names that can potentially traverse to arbitrary paths on the server. By exploiting this vulnerability, an attacker can upload files to unintended directories, potentially compromising the system's integrity and confidentiality.

It is necessary to implement robust checks on the file name obtained from file.getOriginalFilename() to ensure it does not contain any path traversal sequences like "..". Additionally, validate the final path to ensure it falls within the intended directory specified by the "dir" parameter.


2. Duplicate File Uploads

The current implementation of the file upload feature does not include a file renaming mechanism. This poses a risk as it allows for the overwriting of existing files with the same name. This functionality gap can be exploited by attackers to maliciously overwrite files belonging to other users, leading to data loss or unauthorized access to sensitive information.
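
One way to implement both checks the issue asks for, as an added example that is not code from this repository or from the issue author. The class `SafeUploadStore` and its `store` method are hypothetical; `dir` and `originalFilename` stand for the "dir" parameter and the value of `file.getOriginalFilename()`.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class SafeUploadStore {
    // Only a short alphanumeric extension is kept from the client-supplied name.
    private static final Pattern EXT = Pattern.compile("\\.([A-Za-z0-9]{1,10})$");
    private final Path root;

    public SafeUploadStore(Path root) throws IOException {
        Files.createDirectories(root);
        this.root = root.toRealPath();          // canonical form, symlinks resolved
    }

    public Path store(String dir, String originalFilename, InputStream data) throws IOException {
        // 1. Resolve the requested sub-directory and confirm it stays under root.
        Path targetDir = root.resolve(dir == null ? "" : dir).normalize();
        if (!targetDir.startsWith(root)) {
            throw new SecurityException("dir escapes upload root: " + dir);
        }
        Files.createDirectories(targetDir);
        if (!targetDir.toRealPath().startsWith(root)) {   // catches symlinked directories
            throw new SecurityException("dir resolves outside upload root: " + dir);
        }
        // 2. Never reuse the client's name: generate one, keep only a vetted extension.
        Matcher m = EXT.matcher(originalFilename == null ? "" : originalFilename);
        String name = UUID.randomUUID() + (m.find() ? "." + m.group(1).toLowerCase() : "");
        // 3. Files.copy without REPLACE_EXISTING fails rather than overwriting a file.
        Path target = targetDir.resolve(name);
        Files.copy(data, target);
        return target;
    }

    public static void main(String[] args) throws IOException {
        SafeUploadStore store = new SafeUploadStore(Files.createTempDirectory("uploads"));
        byte[] body = "constructed sample".getBytes();
        // Constructed inputs: a traversal file name is neutralised, a traversal dir is rejected.
        System.out.println(store.store("avatars", "../../outside/photo.png", new ByteArrayInputStream(body)));
        try {
            store.store("../outside", "a.png", new ByteArrayInputStream(body));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the stored name is generated on the server, the original file name has to be kept in the application's own records if users need to see it again.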