Arbitrary File Upload Vulnerability

 # Description
The endpoint: `http://localhost:8080/StudentManager/upload/uploadImg.do` contains an arbitrary file upload vulnerability. The backend upload logic does not perform any validation or restriction on the uploaded file type, file extension, or content. As a result, an attacker can upload malicious files, including JSP webshells, to the server.

# Upload a malicious JSP file (1769848404889test.jsp) via:

POST /StudentManager/upload/uploadImg.do

Response
```{
  "code": 0,
  "msg": "成功",
  "data": {
    "fileName": null,
    "src": "pictures/1769848404889test.jsp"
  }
}
```

# Result

The uploaded JSP file is accessible and executable via the browser:

http://localhost:8080/StudentManager/pictures/1769848404889test.jsp
<img width="940" height="357" alt="Image" src="https://github.com/user-attachments/assets/456974b7-8c60-4dcb-807b-4454bb7d3af1" />
This confirms that the JSP file was successfully uploaded.


In the deployed environment, JSP files under this directory are parsed and executed by the server, leading to remote code execution (RCE).


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Arbitrary File Upload Vulnerability #8

Description

Upload a malicious JSP file (1769848404889test.jsp) via:

Result

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Arbitrary File Upload Vulnerability #8

Description

Description

Upload a malicious JSP file (1769848404889test.jsp) via:

Result

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions