Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Jan 21st 2022
Hi there, I would like to report a vulnerability that allows a hacker to upload dangerous file type in jsdecena/laracom.
Attacker must have an account with permission to Edit Product (E.g.
Then, he can upload malcious file with extensions such as html, svg,... which leads to XSS.
Proof of Concept
After login, go to
Products / List Products, click on
Actions / Edit.
Imagesfields, upload html files with xss payload inside. For example:
<script> alert(document.cookie) </script>.
updatebutton to save.
Demo Video: https://drive.google.com/file/d/1BsfbHp1I47E02ZKaa6ZhcjmHMxD6Jho4/view?usp=sharing
This vulnerability is capable of uploading dangerous file to serve