Unrestricted File Upload Allowed due to Flawed Move File Functionality in octoprint/octoprint
Aug 15th 2022
Hope you are doing good.
Due to a misconfiguration in the move file functionality, an attacker could easily change the file extension of an uploaded malicious file disguised as a .gcode file.
1. Upload a .gcode file and intercept the request as shown in the screenshots.
2. Add a malicious payload to the file content and keep the file extension as .gcode.
3. Now select the file and click the move button.
4. Change the file extension to html as shown in the screenshot and send the request.
5. Copy the file download link and share it with the victim user. Once the file is opened, the payload will be executed.
Using this technique, an attacker could trick a victim user into downloading a malicious file, such as a virus or an HTML file containing cross-site scripting payloads.
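The gap described above is that the file type is checked at upload but not when the file is moved. The following added example (not OctoPrint's code, and not from the original report) sketches a server-side check that applies the same allow-list to the move destination; the function names and the extension set are assumptions made for illustration.

```python
import posixpath

# Assumed allow-list for this sketch; the application defines the real set.
ALLOWED_EXTENSIONS = {".gcode", ".gco", ".g"}


class MoveRejected(ValueError):
    """The requested move/rename destination failed validation."""


def validate_move_destination(destination, allowed=ALLOWED_EXTENSIONS):
    """Apply the upload-time type check to a move destination as well.

    Returns the normalized relative path, or raises MoveRejected.
    """
    if "\x00" in destination:
        raise MoveRejected("NUL byte in destination")
    dest = posixpath.normpath(destination.replace("\\", "/"))
    # Stay inside the upload folder: no absolute paths, no climbing out.
    if dest.startswith("/") or dest == ".." or dest.startswith("../"):
        raise MoveRejected("destination escapes the upload folder")
    # Only the final suffix counts, compared case-insensitively, so
    # "part.gcode.html" is judged as ".html" and "part.gcode." as ".".
    ext = posixpath.splitext(posixpath.basename(dest))[1].lower()
    if ext not in allowed:
        raise MoveRejected(f"extension {ext!r} is not an allowed file type")
    return dest


def is_allowed_move(destination):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_move_destination(destination)
        return True
    except MoveRejected:
        return False


if __name__ == "__main__":
    # Constructed destinations: a legitimate rename, then the extension swap from step 4.
    for dst in ["prints/part.gcode", "part.html", "part.gcode.html", "../part.gcode"]:
        print(f"{dst!r}: {'allowed' if is_allowed_move(dst) else 'rejected'}")
```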