in firefly-iii/firefly-iii

2021-10-01T08:43:15
ID 5267EC1C-D204-40D2-BD4F-6C2DD495EE18
Type huntr
Reporter 0xamal
Modified 2021-10-01T09:06:12

Description

```
Description

File upload vulnerability in the application.

Proof of Concept

Steps to reproduce:
1) Log in to the application.
2) Go to https://demo.firefly-iii.org/create-from-bill/1
3) Upload a file; the application accepts any kind of file.

Reference PoC:
1) https://i.ibb.co/9wWRnsf/Screenshot-12.png
2) https://i.ibb.co/68NRd4m/Screenshot-13.png

While creating a new bill, the user is able to upload any kind of malicious file, which will allow an attacker to run remote code to compromise the application.

Code:

<input multiple="multiple" helptext="Maximum file size: 64 MB" class="form-control" id="ffInput_attachments" autocomplete="off" placeholder="Attachments" name="attachments[]" type="file">

Solution: define file type validation on the client side of the application to validate the file extension.
```
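Editor's note: the report above proposes a client-side check on the file extension. A browser-side check is only a usability aid, since the attacker edits the request after the browser has run it; the control that actually decides what reaches disk is validation on the server, combined with storing attachments under a server-chosen name outside the web root and serving them as downloads. Whether an arbitrary upload becomes remote code execution depends on that storage and serving path, which the report does not examine. The block below is an added example of the server-side checks, not Firefly III's code (Firefly III is a PHP/Laravel application; Python is used here only to show the logic). The extension allowlist, the magic-byte table, the 64 MB limit taken from the form's helptext, and every sample upload are constructed for the example.

```python
import re
import secrets

# Constructed allowlist for the example: extension -> magic-byte prefixes that
# content with that extension must start with. Anything not listed is rejected,
# so .php, .phtml, .htaccess and friends never need a denylist entry.
ALLOWED_TYPES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Mirrors the 64 MB limit shown in the form's helptext.
MAX_BYTES = 64 * 1024 * 1024

# Only plain characters in the client-supplied name: no spaces, no unicode tricks.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,100}$")


class UploadRejected(ValueError):
    """Raised with a short reason when an upload fails a check."""


def sanitize_filename(name):
    """Strip any path the client sent and reject names that are not plainly safe."""
    # Drop directory components so "../../x.png" and "C:\x.png" become "x.png".
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if "\x00" in base or not SAFE_NAME.match(base) or base.startswith("."):
        raise UploadRejected("unsafe filename")
    return base


def validate_attachment(filename, data):
    """Apply name, extension, size and content checks; return (safe_name, ext) or raise."""
    base = sanitize_filename(filename)
    parts = base.lower().split(".")
    # Strict choice for this example: exactly one extension, which blocks
    # "shell.php.pdf" and similar double-extension names.
    if len(parts) != 2:
        raise UploadRejected("exactly one extension required")
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not allowed")
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    # The extension is attacker-chosen; the leading bytes must agree with it.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    return base, ext


def check_attachment(filename, data):
    """Non-raising wrapper: (True, safe_name) on acceptance, (False, reason) otherwise."""
    try:
        base, _ = validate_attachment(filename, data)
    except UploadRejected as exc:
        return False, str(exc)
    return True, base


def stored_name(ext):
    """Server-chosen on-disk name; the client's name is kept only as display metadata."""
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads, not real attachments.
    samples = [
        ("invoice.pdf", b"%PDF-1.7\n%constructed"),
        ("shell.php", b"<?php system($_GET['c']); ?>"),
        ("shell.php.pdf", b"%PDF-1.7\n"),
        ("photo.png", b"<?php echo 'disguised'; ?>"),
        ("../../evil.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
    ]
    for name, content in samples:
        print(name, "->", check_attachment(name, content))
```

Magic-byte sniffing is a necessary check but not a sufficient one: a polyglot that begins with a valid PDF or image header and carries script after it passes `validate_attachment`. That is why the stored file gets a random name from `stored_name`, lives in a directory the web server does not execute from, and is returned with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. An `accept` attribute on the `<input>` shown in the report is fine as a hint to the user, but it must be paired with these server-side checks.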