Unrestricted Upload of File with Dangerous Type in kalcaddle/kodexplorer
Jun 20th 2021
During file upload, there is no check if the file is already present or not which causes file to overwrite existing file.
🕵️♂️ Proof of Concept
Steps to reproduce: 1. Create 2 files of the same name and of different content. 2. Upload the first file and then the second file, you will see that the content of the file has been changed
This vulnerability is capable of file overwrite.
We have contacted a member of the kalcaddle/kodexplorer team and are waiting to hear back 2 years ago
commented 2 years ago
This is allowed. If the same name appears when uploading, it will be overwritten by default Personal center can set the processing method of the same name: rename / skip / overlay
to join this conversation