Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability - Filter can bypassed #9

Open
radiusmk opened this issue May 7, 2021 · 2 comments
Open

Vulnerability - Filter can bypassed #9

radiusmk opened this issue May 7, 2021 · 2 comments

Comments

@radiusmk
Copy link

radiusmk commented May 7, 2021

The plugin can be easily bypassed with a little trick on the request. I submitted an .exe file that on the interface seems like a .txt file. See de examples:

image

To explore the problem I made this request:

image

Any file extension can be used.
@radiusmk radiusmk changed the title Vulnerability - Filter bypass Vulnerability - Filter can bypassed May 7, 2021
@ajnyga
Copy link
Owner

ajnyga commented May 7, 2021

Thanks, sure, that's why I have underlined in the plugin description that this is not a security plugin. Just something that helps journals limit the file types they are receiving.

Having said that, I am happy to include a pr that will do a more detailed check if you have something ready.

@radiusmk
Copy link
Author

radiusmk commented May 7, 2021

I'm not a developer, but I think the easiest way to solve the problem is to check the "file" field in the request, in addition to the "name" field.

In checkUpload function only field "name"is validated.

Other way is check if "name" and "file" fields have same value before check extensions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ajnyga @radiusmk