inkz
commented
3 months ago @maoning I would like to take this one :wave:
Closed maoning closed 2 months ago
inkz
commented
3 months ago @maoning I would like to take this one :wave:
maoning
commented
3 months ago Hi @inkz,
Thank you for picking up this request! Please make sure the following items are completed before the plugin implementation:
inkz
commented
3 months ago Affected versions < 4.11.0
One CVE covers both file traversal and SSRF vulnerability. This research focuses on file traversal.
path_or_url from the /file={path_or_url:path} endpoint of the Gradio API"..", which allows an attacker to inject traversal in the middle of the payload, e.g. if the relative path is compared to "/one/two" directory, an attacker can send "/one/two/three/../../../file.txt" and the resulting path will be "three/../../../file.txt" which not starts with ".." but has traversal inside. Link to the patchpath_or_url is checked to belong to one of the directories that are used inside the application. The check is incorrect due to incomplete sanitization, explained above, but anyway, the payload needs to start with one of those directory paths that it is compared to, either:
/tmp/gradio, but it is disclosed by the application in the different API call anyway, more on that later./tmp/gradio/foobar/../../../file.txt, the problem is that /tmp/gradio/foobar/ must exist or file read attempt will return an error (on linux and macOS machines)/upload endpoint comes in handy, when the file is sent to this endpoint it is saved in temporary directory and if the operation is successful the full path is returned,
e.g. after sending
curl -v -X POST -F files=@myfile.txt localhost:8000/uploadthe response is something similar to:
["/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/myfile.txt"]so it is possible to disclose the real path tmp directory and create a subdirectory inside that can be used for successful path traversal
/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/../../../etc/passwd, e.g.
curl --path-as-is localhost:8000/file=/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/../../../etc/passwd/upload endpoint and retrieve the temporary file path"/etc/passwd", like "/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/../../../etc/passwd" (maybe you can recommend another file that should be requested?)/file= endpoint and retrieve file contentsinkz
commented
3 months ago @maoning PR for testbed: https://github.com/google/security-testbeds/pull/38
maoning
commented
3 months ago @inkz Thanks for the detailed analysis. Please submit our participation form and you can start working on the development.
inkz
commented
3 months ago @maoning submitted detector here: https://github.com/google/tsunami-security-scanner-plugins/pull/446
vsutedjo
commented
2 months ago Hi @inkz,
Your PR has been merged. This usually means a reward will be granted. Google will start the internal QC process and the reward amount will be determined based on the quality of the detector report. Please be patient and allow up to a week for the QC process to finish. You'll be notified once the decision is made.
Thanks!
inkz
commented
2 months ago @vsutedjo thank you!
maoning
commented
3 weeks ago @inkz Thank you for the contribution, the reward has been granted.
inkz
commented
3 weeks ago @maoning thank you!
Create a Tsunami plugin to find exposed Gardio interface: https://github.com/gradio-app/gradio
Check if the followings are possible via exposed UI:
Please read the rules of engagement first at https://github.com/google/tsunami-security-scanner-plugins/issues/409.