Good evening, friends. Recently we saw how to exploit the server credential disclosure vulnerability in WebNMS Framework 5.2. This time around, researchers have found an arbitrary file upload vulnerability in WebNMS Framework 5.2.
The FileUploadServlet has a directory traversal vulnerability in the “filename” parameter, which allows an unauthenticated user to upload a JSP file. Only text files can be uploaded, and to achieve RCE they need to be dropped in the ../jsp/ folder with the name login.jsp or webstartXXX.jsp (where XXX is a string of any length).
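The control missing from this upload path is validation of the client-supplied file name. As an added example (not WebNMS code and not part of the original post), the Java class below shows the check an upload servlet can apply before writing anything to disk. The class name, the allow-listed extensions and the temporary upload root are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

public class SafeUploadPath {
    // Assumed policy: a bare name with an allow-listed text extension.
    // No path separators, no dots in the stem, so "../" and ".jsp" never match.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_-]{1,64}\\.(txt|csv|log)");

    /** Resolves a client-supplied file name inside uploadRoot, or throws. */
    static Path resolve(Path uploadRoot, String fileName) throws IOException {
        if (fileName == null || !SAFE_NAME.matcher(fileName).matches()) {
            throw new SecurityException("file name not allowed");
        }
        // Canonicalise the root (follows symlinks), then confirm containment.
        // This second check is defence in depth in case the pattern is loosened.
        Path root = uploadRoot.toRealPath();
        Path target = root.resolve(fileName).normalize();
        if (!target.startsWith(root)) {
            throw new SecurityException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed upload root; in a real deployment it should sit outside
        // any directory the servlet container serves or compiles JSPs from.
        Path root = Files.createTempDirectory("uploads");
        // Constructed inputs: one benign name, then the names the post describes.
        String[] samples = {
            "report.txt", "../jsp/login.jsp", "login.jsp", "..\\jsp\\webstartabc.jsp"
        };
        for (String name : samples) {
            try {
                System.out.println("accepted: " + resolve(root, name));
            } catch (SecurityException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The same rule should be paired with an authentication check on the servlet, since the issue described above is reachable by an unauthenticated user.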
Here is the code vulnerable to arbitrary file upload.