Unrestricted Upload of File with Dangerous Type in kalcaddle/kodexplorer

Valid
Reported on Jun 20th 2021

✍️ Description

During file upload, there is no check for whether the file is already present, which causes the uploaded file to overwrite the existing file.

🕵️‍♂️ Proof of Concept

Steps to reproduce:
1. Create 2 files of the same name and of different content.
2. Upload the first file and then the second file; you will see that the content of the file has been changed.

💥 Impact

This vulnerability is capable of file overwrite.

We have contacted a member of the kalcaddle/kodexplorer team and are waiting to hear back
a month ago
warlee
25 days ago

Maintainer


This is allowed. If the same name appears when uploading, it will be overwritten by default. Personal center can set the processing method of the same name: rename / skip / overlay
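
The three same-name policies named in the comment above (rename / skip / overlay), as an added Python example that is not kodexplorer's code and not part of the report. The function names, the `name(1).ext` rename pattern and the `rename` default are assumptions of this example; the existence check and the create happen in a single `O_EXCL` call, so two concurrent uploads of the same name cannot both pass the check.

```python
import os
import tempfile

POLICIES = ("rename", "skip", "overlay")  # names taken from the maintainer's comment


def _create_exclusive(path, data):
    """Create path only if it does not exist; check and create are one atomic step."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def store_upload(dest_dir, filename, data, policy="rename"):
    """Store data under dest_dir; return the path written, or None if skipped."""
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % policy)
    name = os.path.basename(filename)  # keep the write inside dest_dir
    if name in ("", ".", ".."):
        raise ValueError("invalid file name")
    target = os.path.join(dest_dir, name)

    if policy == "overlay":
        # Overwrite only when explicitly requested: write a temp file in the
        # same directory, then atomically swap it into place.
        fd, tmp = tempfile.mkstemp(dir=dest_dir)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, target)
        return target

    stem, ext = os.path.splitext(name)
    for n in range(1000):  # bounded search for a free name (assumed limit)
        candidate = target if n == 0 else os.path.join(
            dest_dir, "%s(%d)%s" % (stem, n, ext))
        try:
            _create_exclusive(candidate, data)
            return candidate
        except FileExistsError:
            if policy == "skip":
                return None  # existing file is left untouched
    raise RuntimeError("no free name found")
```
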

warlee validated this vulnerability 25 days ago
x3rz has been awarded the disclosure bounty
$80
The fix bounty is now up for grabs
$20
warlee confirmed that a fix has been merged on 6d2521 25 days ago
warlee has been awarded the fix bounty
$20