socket.io-file

File type restriction bypass

Open Cr0wTom opened this issue 3 years ago • 1 comment

I just released my second 0day vulnerability regarding Socket.io-file. The advisory was supposed to get released on Saturday but nothing yet, so under npm's policy I'm free to publicly disclose the vulnerability now.

The vulnerability affects all versions of socket.io-file and allows a malicious user to bypass the file type restrictions and upload any type of file to the server. Alongside my first 0day, and in specific configurations, they can lead to remote code execution in the underlying server.

Technical report: https://cr0wsplace.wordpress.com/2020/09/26/socket-io-file-2-0-31-file-type-restriction-bypass/

Please consider using another solution, as this project is completely outdated and I wouldn't bet on getting any future updates.

Cr0wTom, Sep 30 '20 22:09

Advisory: https://www.npmjs.com/advisories/1564

Cr0wTom, Oct 02 '20 16:10