Unrestricted Upload of File with any dangerous extension in polonel/trudesk

Valid

Reported on

Jun 2nd 2022


Description

Unrestricted Upload of File with any extension

Proof of Concept

1. Create a ticket
2. Upload a file with any dangerous extension
3. Intercept the request in Burp Suite, replace the Content-Type with image/jpeg

POC video:
https://drive.google.com/file/d/1FwS6zC1YaYXBFoPUsTqmjdM1V5buHDT-/view?usp=sharing

Impact

  • A normal user can upload a dangerous file that threatens the system
  • Other users may download the dangerous file

We are processing your report and will contact the polonel/trudesk team within 24 hours. 23 days ago
Lê Ngọc Hoa modified the report
23 days ago
We have contacted a member of the polonel/trudesk team and are waiting to hear back 22 days ago
We have sent a follow up to the polonel/trudesk team. We will try again in 7 days. 19 days ago
polonel/trudesk maintainer has acknowledged this report 18 days ago
Lê Ngọc Hoa
17 days ago

Researcher


Hi @maintainer, I see you read the report. Is it hard to understand, or does my PoC video not work? You can ask me anything. Thank you!

Lê Ngọc Hoa
15 days ago

Researcher


@admin hi admin, can you help me contact the maintainer? Thanks!

Jamie Slome
13 days ago

Admin


@lengochoa7112000 - our system will automatically continue to ping the maintainer. Please have patience. This maintainer is usually very active and so you should hear back from them shortly. To see how active they are, feel free to view their repository page:

polonel/trudesk

Chris Brame assigned a CVE to this report 7 days ago
Chris Brame validated this vulnerability 7 days ago
Lê Ngọc Hoa has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris Brame
7 days ago

Maintainer


This has been fixed in v1.2.4. I will update this report once it is released.

Chris Brame confirmed that a fix has been merged on fb2ef8 6 days ago
Chris Brame has been awarded the fix bounty
tickets.js#L703-L716 has been validated