jQuery File Upload Plugin Unrestricted File Upload Vulnerability
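Vulnerability Information
Vulnerability name: jQuery File Upload Plugin Unrestricted File Upload Vulnerability
Vulnerability ID:
- CVE: CVE-2014-8739
Vulnerability type: File upload
Severity: Critical
Vulnerability description:
### Affected product
jQuery File Upload Plugin is a widely used file upload plugin that supports multiple upload methods and is commonly used to implement user file uploads on websites. Because of its ease of use and flexibility, it is deployed in a wide range of web applications.
### Vulnerability details
This is a file upload vulnerability. The plugin's server/php/UploadHandler.php file does not strictly validate the type of uploaded files, so a remote attacker can upload arbitrary PHP files. By uploading a file with a PHP extension and then requesting it directly, the attacker can execute arbitrary PHP code on the server. The root cause is that the server side fails to properly validate the type and content of uploaded files, which allows malicious files to be uploaded and executed.
### Impact analysis
This vulnerability carries a very high security risk and is rated Critical. An attacker who exploits it can execute arbitrary code on the target server, which can lead to full server compromise, data leakage, service disruption and other serious consequences. Because exploitation requires no authentication and can be carried out remotely and automatically, the barrier to attack is low and the potential damage is high. Site administrators should act immediately by updating the plugin or enforcing strict file upload validation to prevent potential attacks.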
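The strict server-side validation recommended above can look like the following. This is an added example, not the plugin's code or its official fix; the function name `safe_upload_name`, the `ALLOWED_TYPES` allowlist and the sample files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: extension => MIME type the content must sniff as.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Returns a server-generated file name for an accepted upload, or null to reject.
// $clientName is the client-supplied name; $tmpPath is the uploaded temp file.
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // Only the final extension is considered, and only to pick the expected type.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null; // .php, .phtml, no extension, and so on
    }
    // Sniff the content; the client-sent Content-Type header is never trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null; // extension and content disagree
    }
    // Discard the client name entirely so "x.php.png" never reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs (not from the original page).
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('N2', 1, 1) . "\x08\x02\x00\x00\x00");
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php /* constructed sample */ ?>\n");

$cases = [
    ['photo.png', $png],      // accepted, stored under a random name
    ['page.php', $script],    // rejected: extension not allowlisted
    ['page.png', $script],    // rejected: content is not image/png
    ['photo.php.png', $png],  // accepted, but the ".php" part is dropped
];
foreach ($cases as [$name, $path]) {
    $stored = safe_upload_name($name, $path);
    printf("%-14s => %s\n", $name, $stored ?? 'REJECTED');
}
unlink($png);
unlink($script);
```

Storing accepted files outside the web root, or in a directory where the web server does not execute PHP, keeps a file that slips past validation from being run by requesting it directly.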
Product name: jQuery File Upload Plugin
Affected version: 6.4.4
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12734
Type: projectdiscovery/nuclei-templates:github issues
Source summary
Description:
jQuery File Upload Plugin 6.4.4 contains an unrestricted file upload caused by lack of validation in server/php/UploadHandler.php, letting remote attackers execute arbitrary PHP code by uploading PHP files. The exploit requires uploading a PHP file with a PHP extension and accessing it directly.
Severity: Critical
POC:
KEV: True
Shodan Query: NA
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.