Unrestricted Upload of File with any dangerous extension in polonel/trudesk

Valid

Reported on

Jun 2nd 2022


Description

Ticket attachments in trudesk can be uploaded with any file extension. The only check the upload appears to apply is against the Content-Type header of the multipart part, and that header is set by the client, so a file with a dangerous extension is accepted as soon as the header claims it is an image.

Proof of Concept

1. Create a ticket.
2. Attach a file with a dangerous extension (for example an executable or a script).
3. Intercept the upload request in Burp Suite and change the part's Content-Type header to image/jpeg. The file is accepted and stored under its original name and extension.

POC video:
https://drive.google.com/file/d/1FwS6zC1YaYXBFoPUsTqmjdM1V5buHDT-/view?usp=sharing
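The check the PoC defeats, next to a check that does not trust the client, as an added JavaScript example. This is not trudesk's code and not the fix in commit fb2ef8; the attachment allow-list, the helper names (makePart, parsePart, vulnerableAccept, hardenedAccept, downloadHeaders) and the sample uploads are assumptions constructed for illustration.

```javascript
'use strict';
// Added example, not trudesk's code. Hypothetical attachment policy: which
// extensions a ticket may carry and which MIME type each must really contain.
const ALLOWED_EXT = new Set(['.png', '.jpg', '.jpeg', '.gif', '.pdf', '.txt']);
const EXT_TO_MIME = {
  '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg',
  '.gif': 'image/gif', '.pdf': 'application/pdf', '.txt': 'text/plain',
};
// Leading bytes that identify each binary type on the allow-list.
const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const SIGNATURES = [
  ['image/png', PNG_MAGIC],
  ['image/jpeg', Buffer.from([0xff, 0xd8, 0xff])],
  ['image/gif', Buffer.from('GIF8', 'latin1')],
  ['application/pdf', Buffer.from('%PDF', 'latin1')],
];

// Build one multipart/form-data part the way a browser (or Burp) sends it.
// The Content-Type line here is exactly what step 3 of the PoC edits.
function makePart(filename, contentType, data) {
  const head = `Content-Disposition: form-data; name="attachment"; filename="${filename}"\r\n` +
    `Content-Type: ${contentType}\r\n\r\n`;
  return Buffer.concat([Buffer.from(head, 'latin1'), data]);
}

// Minimal parser for a single part (constructed helper; a real server uses a
// multipart library). Every field it returns is attacker-controlled.
function parsePart(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  if (sep < 0) return { filename: '', contentType: 'application/octet-stream', data: raw };
  const headers = raw.subarray(0, sep).toString('latin1');
  const ct = /^content-type:\s*([^\r\n]+)/im.exec(headers);
  const fn = /filename="([^"]*)"/i.exec(headers);
  return {
    filename: fn ? fn[1] : '',
    contentType: ct ? ct[1].trim() : 'application/octet-stream',
    data: raw.subarray(sep + 4),
  };
}

// Vulnerable pattern: the decision rests on the client-supplied part header.
function vulnerableAccept(part) {
  return part.contentType.startsWith('image/');
}

function sniffMime(buf) {
  for (const [mime, sig] of SIGNATURES) {
    if (buf.length >= sig.length && buf.subarray(0, sig.length).equals(sig)) return mime;
  }
  return null;
}

// Hardened check: extension allow-list plus magic-byte verification of the
// bytes actually received; the client's Content-Type is never consulted.
function hardenedAccept(part) {
  const base = (part.filename.split(/[\\/]/).pop() || '').toLowerCase(); // drop any path
  const pieces = base.split('.');
  const ext = pieces.length > 1 ? '.' + pieces[pieces.length - 1] : '';
  const inner = pieces.length > 2 ? '.' + pieces[pieces.length - 2] : '';
  if (!ALLOWED_EXT.has(ext)) return { ok: false, reason: `extension ${ext || '(none)'} not allowed` };
  if (inner && !ALLOWED_EXT.has(inner)) return { ok: false, reason: 'double extension' };
  const expected = EXT_TO_MIME[ext];
  if (expected === 'text/plain') {
    if (part.data.includes(0)) return { ok: false, reason: 'binary content in .txt' };
  } else if (sniffMime(part.data) !== expected) {
    return { ok: false, reason: `content is not ${expected}` };
  }
  return { ok: true, storedAs: base, mime: expected };
}

// Headers to serve an accepted attachment with, so browsers download it
// rather than render it.
function downloadHeaders(name, mime) {
  return {
    'Content-Type': mime,
    'Content-Disposition': `attachment; filename="${name.replace(/"/g, '')}"`,
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample uploads (not real captures).
const SAMPLES = {
  legitPng: parsePart(makePart('screenshot.png', 'image/png', Buffer.concat([PNG_MAGIC, Buffer.from('...')]))),
  // The PoC: a .exe whose part header has been rewritten to image/jpeg.
  spoofedExe: parsePart(makePart('update.exe', 'image/jpeg', Buffer.from('MZ fake executable'))),
  // A .jpg name and an image/jpeg header, but the bytes are HTML.
  fakeJpg: parsePart(makePart('photo.jpg', 'image/jpeg', Buffer.from('<html><script>1</script></html>'))),
};

for (const [label, part] of Object.entries(SAMPLES)) {
  console.log(label, 'vulnerable:', vulnerableAccept(part), 'hardened:', hardenedAccept(part));
}
```

Run with node. The spoofed .exe passes vulnerableAccept because its part header says image/jpeg, and fails hardenedAccept on the extension alone; photo.jpg with HTML inside passes the header check and fails the magic-byte check. Whatever is accepted should still be served with the headers from downloadHeaders so that a browser downloads it instead of rendering it, which addresses the second impact bullet below.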

Impact

  • A normal user can upload a file with a dangerous extension that poses a threat to the system.
  • Other users may download the dangerous file.
We are processing your report and will contact the polonel/trudesk team within 24 hours. a year ago
Lê Ngọc Hoa modified the report a year ago
We have contacted a member of the polonel/trudesk team and are waiting to hear back a year ago
We have sent a follow up to the polonel/trudesk team. We will try again in 7 days. a year ago
polonel/trudesk maintainer has acknowledged this report a year ago
Lê Ngọc Hoa
a year ago

Researcher


Hi @maintainer, I see you have read the report. Is it hard to understand, or does my PoC video not work? You can ask me anything. Thank you!

Lê Ngọc Hoa
a year ago

Researcher


@admin Hi admin, can you help me contact the maintainer? Thanks!

Jamie Slome
a year ago

Admin


@lengochoa7112000 - our system will automatically continue to ping the maintainer. Please have patience. This maintainer is usually very active and so you should hear back from them shortly. To see how active they are, feel free to view their repository page:

polonel/trudesk

Chris assigned a CVE to this report a year ago
Chris validated this vulnerability a year ago
Lê Ngọc Hoa has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris
a year ago

Maintainer


This has been fixed in v1.2.4. I will update this report once it is released.

Chris marked this as fixed in 1.2.4 with commit fb2ef8 a year ago
Chris has been awarded the fix bounty
This vulnerability will not receive a CVE
tickets.js#L703-L716 has been validated