Malicious File Upload Vulnerability

[hacip]

UploadController.cs file does not have any security control if the Editor chose to upload a video.

Between Line 101 and 110 on UploadController.cs, it gets a file submitted via HTTP request (Line 20), sets a hard-coded destination for the upload (Custom/Media), and calls the UploadVideo function which is in the same file.

The UploadVideo function does only check if the target directory exists or not, but it does not check the file.

Therefore, it is possible to upload a malicious file that can run commands on the app server.

To mitigate, file type should be checked using a white-list approach, if the type of the fille is not known by the application, the upload function should return an error.

[VFA91]

Hi @hacip do you know any alternative to this repo? i want to do something similar to wordpress for users like this, the only thing is that this is not in .net Core, it works in any technology, thank you very much.

[Davi-Gray]

You could take a look at DotNetNuke (or "DNN" as they're calling it now). I definitely would not use BlogEngine.NET right now.