Unrestricted Upload of File with Dangerous Type in kalcaddle/kodexplorer

Valid

Reported on

Jun 20th 2021


✍️ Description

During file upload, there is no check if the file is already present or not which causes file to overwrite existing file.

🕵️‍♂️ Proof of Concept

Steps to reproduce:
1. Create 2 files of the same name and of different content.
2. Upload the first file and then the second file, you will see that the content of the file has been changed

💥 Impact

This vulnerability is capable of file overwrite.

Occurrences

We have contacted a member of the kalcaddle/kodexplorer team and are waiting to hear back a year ago
warlee
a year ago

Maintainer


This is allowed. If the same name appears when uploading, it will be overwritten by default Personal center can set the processing method of the same name: rename / skip / overlay

warlee validated this vulnerability a year ago
x3rz has been awarded the disclosure bounty
The fix bounty is now up for grabs
warlee confirmed that a fix has been merged on 6d2521 a year ago
warlee has been awarded the fix bounty
to join this conversation