## https://sploitus.com/exploit?id=BFEA664A-42A3-57A8-997C-08119CE73488
### When no multipartResolver is defined, or StandardServletMultipartResolver is registered
* The FileUpload from Tomcat's internal package is used
* The Tomcat version must then be higher than 9.0.71 (Spring Boot 2.7.8)
  * Tomcat's maxParameterCount setting (default: 10000) is injected into FileUpload.setFileCountMax()
* The Apache Commons FileUpload dependency is not used

### When multipartResolver is registered as CommonsMultipartResolver
* The Apache Commons FileUpload dependency must be added
  * upgrade 1.3.3 -> 1.5
* If setFileCountMax() is not set, the application falls within the scope of the vulnerability in the current ticket
  * Tomcat's maxParameterCount setting (default: 10000) is not used
* In this case a Tomcat version upgrade is not required

## Test
* Change TomcatConfig and run
* Call /http/fileupload.http