代码拉取完成,页面将自动刷新
inxedu through 2018-12-24 has a vulnerability that can lead to upload malicious files.
1.The vulnerable code location is com.inxedu.os.common.controller.VideoUploadController#gok4 (com/inxedu/os/common/controller/VideoUploadController.java)
line 52 check the extention of the file uploaded, while we can control the value of fileType by change the param value of fileType.
2.POC
above, upload a jsp file,and change the vaule of fileType to "jpg,gif,png,jsp,jpeg",in which we add "jsp" type.
and the response returns the jsp file path.
Then we can visit the jsp file and run evil code.