René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Malicious File Upload Vulnerability","articleBody":"UploadController.cs file does not have any security control if the Editor chose to upload a video. \r\n\r\nBetween Line 101 and 110 on UploadController.cs, it gets a file submitted via HTTP request (Line 20), sets a hard-coded destination for the upload (Custom/Media), and calls the UploadVideo function which is in the same file.\r\n\r\nThe UploadVideo function does only check if the target directory exists or not, but it does not check the file.\r\n\r\nTherefore, it is possible to upload a malicious file that can run commands on the app server. \r\n\r\nTo mitigate, file type should be checked using a white-list approach, if the type of the fille is not known by the application, the upload function should return an error.","author":{"url":"https://github.com/hacip","@type":"Person","name":"hacip"},"datePublished":"2023-06-20T18:12:00.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":2},"url":"https://github.com/269/BlogEngine.NET/issues/269"}