Unrestricted Upload of File with any dangerous extension in polonel/trudesk
Valid
Reported on Jun 2nd 2022
Description
Unrestricted Upload of File with any extension
Proof of Concept
1. Create a ticket
2. Upload a file with any dangerous extension
3. Intercept the request in Burp Suite, replace the Content-Type with image/jpeg
POC video:
https://drive.google.com/file/d/1FwS6zC1YaYXBFoPUsTqmjdM1V5buHDT-/view?usp=sharing
Impact
- A normal user can upload a dangerous file that threatens the system
- Other users may download the dangerous file
Occurrences
We are processing your report and will contact the polonel/trudesk team within 24 hours.
23 days ago
Lê Ngọc Hoa modified the report
23 days ago
We have contacted a member of the polonel/trudesk team and are waiting to hear back.
22 days ago
We have sent a follow up to the polonel/trudesk team. We will try again in 7 days.
19 days ago
Hi @maintainer, I see you read the report. Is it hard to understand, or does my PoC video not work? You can ask me anything. Thank you!
@admin hi admin, can you help me contact the maintainer? Thanks!
@lengochoa7112000 - our system will automatically continue to ping the maintainer. Please have patience. This maintainer is usually very active and so you should hear back from them shortly. To see how active they are, feel free to view their repository page:
The researcher's credibility has increased: +7
This has been fixed in v1.2.4. I will update this report once it is released.
Chris Brame has been awarded the fix bounty
tickets.js#L703-L716 has been validated