
XSS vulnerability caused by file upload (tduck-platform 4.0)

Open libaibaia opened this issue 2 years ago • 2 comments

  1. Upload code: https://github.com/TDuckCloud/tduck-platform/blob/master/tduck-api/src/main/java/com/tduck/cloud/api/web/controller/UploadFileController.java
  2. Create a test form system.
  3. After creating the form system, upload the HTML file; you can see that the request does not contain authentication information.
  4. Previewing the data in the background executes the script.

libaibaia, Jun 27 '23 09:06
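
One way to close the upload path reported above, added here as an example and not taken from tduck-platform's code: reject unauthenticated requests, allowlist extensions and check magic bytes, and serve stored files as inert downloads. The class `UploadPolicy`, its methods and the allowlist are hypothetical, and the `authenticated` flag is assumed to come from the application's own session check.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Map;

// Added example: hypothetical upload policy, not tduck-platform code.
public class UploadPolicy {
    // Allowlisted extensions mapped to the magic bytes a real file of that type starts with.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png", new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif", "GIF8".getBytes(StandardCharsets.US_ASCII),
        "pdf", "%PDF".getBytes(StandardCharsets.US_ASCII));

    /** Returns null when the upload is acceptable, otherwise the reason for rejecting it. */
    static String reject(boolean authenticated, String filename, byte[] head) {
        if (!authenticated) return "no authenticated session";
        int dot = filename.lastIndexOf('.');
        String ext = dot < 0 ? "" : filename.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = MAGIC.get(ext);
        if (magic == null) return "extension not allowlisted: " + ext;
        if (head.length < magic.length) return "content too short for ." + ext;
        for (int i = 0; i < magic.length; i++)
            if (head[i] != magic[i]) return "content does not match ." + ext;
        return null;
    }

    /** Headers for serving stored uploads so a browser never renders them as active content. */
    static Map<String, String> downloadHeaders(String storedName) {
        // Keep only safe characters so the name cannot break out of the header value.
        String safe = storedName.replaceAll("[^A-Za-z0-9._-]", "_");
        return Map.of(
            "Content-Type", "application/octet-stream",
            "Content-Disposition", "attachment; filename=\"" + safe + "\"",
            "X-Content-Type-Options", "nosniff",
            "Content-Security-Policy", "sandbox");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: an HTML body and a PNG file signature.
        byte[] html = "<html><script>/* constructed */</script>".getBytes(StandardCharsets.UTF_8);
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
        System.out.println(reject(false, "a.png", png));     // request without a session
        System.out.println(reject(true, "form.html", html)); // HTML extension is not allowlisted
        System.out.println(reject(true, "form.png", html));  // renamed HTML fails the magic check
        System.out.println(reject(true, "a.png", png));      // genuine PNG from a logged-in user
        System.out.println(downloadHeaders("a b\".png"));
    }
}
```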

That fast? I also found this one during an audit two weeks ago.

0yingteam, Oct 24 '23 07:10

From an audit perspective, there is also a high-severity vulnerability involving a default account.

0yingteam, Oct 24 '23 07:10