There is an unrestricted file upload vulnerability to GetShell

There is a serious arbitrary file upload vulnerability In the file upload operation of weixinCmsSiteController.
![image](https://user-images.githubusercontent.com/24394960/55506714-b85aa500-5688-11e9-9a9f-f70dce68e856.png)
![image](https://user-images.githubusercontent.com/24394960/55507238-ca891300-5689-11e9-817d-4c64581f19a7.png)

With no checking of file type , an evil jsp script can be uploaded and the file url in the server will return in the response.Then it can be a webshell.
![image](https://user-images.githubusercontent.com/24394960/55507390-25bb0580-568a-11e9-95fd-8ae434278986.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There is an unrestricted file upload vulnerability to GetShell #4

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is an unrestricted file upload vulnerability to GetShell #4

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions