hyp3rlinx reported that Openfire v3.10.2 suffers from an arbitrary file upload vulnerability.
The plugin upload form is documented as accepting plugin files (.jar) only, but the application does not enforce that restriction: a file of any type can be uploaded the same way:
- Choose some malicious file using the File browser
- Click 'upload plugin'
The uploaded file, whatever its type, is stored under the '/openfire/plugins' directory, so an attacker with access to the form can place arbitrary content on the server's filesystem.
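The missing check is a server-side validation of both the filename and the file contents before anything is written under the plugins directory. The following is an added example (not Openfire's code) of the kind of check that closes this class of bug: it rejects names that are not a single path component, names without a .jar extension, and bodies that are not a real ZIP/JAR archive. The function names, the sample inputs and the requirement for a plugin.xml descriptor at the archive root are assumptions of this example.

```python
import io
import posixpath
import zipfile

# Local file header signature every ZIP/JAR archive starts with.
ZIP_MAGIC = b"PK\x03\x04"


def is_valid_plugin_upload(filename, data):
    """Return (ok, reason) for a candidate plugin upload.

    Hypothetical check, not Openfire's own: the upload is accepted only if
    the name is a bare '.jar' filename and the body parses as a ZIP/JAR
    archive that carries a plugin.xml descriptor at its root.
    """
    # Normalise separators and make sure the name is a single path component,
    # so a name like '../../evil.jar' cannot escape the plugins directory.
    base = posixpath.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False, "filename must be a single path component"

    # Extension check alone is weak (it is the only thing the form implies),
    # but it is still the first gate.
    if not base.lower().endswith(".jar"):
        return False, "extension must be .jar"

    # Content check: the body must actually be an archive, not a script
    # or binary renamed to .jar.
    if not data.startswith(ZIP_MAGIC):
        return False, "content is not a ZIP/JAR archive"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:
                return False, "corrupt archive"
            # Assumed plugin layout: descriptor at the archive root.
            if "plugin.xml" not in zf.namelist():
                return False, "missing plugin.xml descriptor"
    except zipfile.BadZipFile:
        return False, "content is not a ZIP/JAR archive"

    return True, "ok"


def build_sample_jar():
    """Construct a minimal well-formed sample plugin archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugin.xml", "<plugin><name>demo</name></plugin>")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inputs: one legitimate plugin and three uploads the
    # original form would have accepted but this check rejects.
    cases = [
        ("demo.jar", build_sample_jar()),
        ("shell.jsp", b"<% Runtime.getRuntime().exec(\"id\"); %>"),
        ("../../evil.jar", build_sample_jar()),
        ("evil.jar", b"not an archive at all"),
    ]
    for name, body in cases:
        print(name, is_valid_plugin_upload(name, body))
```

The content check matters as much as the extension check: an attacker who can only upload files is not stopped by a rename-to-.jar rule, and a name containing path separators must be refused rather than sanitised, because the stored location is the whole point of the bug.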