Closed (maoning closed this issue 2 months ago)
@maoning I would like to take this one :wave:
Hi @inkz,
Thank you for picking up this request! Please make sure the following items are completed before the plugin implementation:
Affected versions: < 4.11.0

One CVE covers both the file traversal and the SSRF vulnerability. This research focuses on file traversal.

`path_or_url` from the `/file={path_or_url:path}` endpoint of the Gradio API is checked only for a relative path that starts with `..`, which allows an attacker to inject traversal in the middle of the payload, e.g. if the relative path is compared to the `/one/two` directory, an attacker can send `/one/two/three/../../../file.txt` and the resulting path will be `three/../../../file.txt`, which does not start with `..` but has traversal inside. Link to the patch: [...]

`path_or_url` is checked to belong to one of the directories that are used inside the application. The check is incorrect due to incomplete sanitization, explained above, but anyway, the payload needs to start with one of those directory paths that it is compared to, either:

- `/tmp/gradio`, but it is disclosed by the application in a different API call anyway, more on that later.

`/tmp/gradio/foobar/../../../file.txt`: the problem is that `/tmp/gradio/foobar/` must exist or the file read attempt will return an error (on Linux and macOS machines).

The `/upload` endpoint comes in handy: when a file is sent to this endpoint it is saved in the temporary directory and, if the operation is successful, the full path is returned, e.g. after sending

```
curl -v -X POST -F files=@myfile.txt localhost:8000/upload
```

the response is something similar to:

```
["/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/myfile.txt"]
```

so it is possible to disclose the real path of the tmp directory and create a subdirectory inside it that can be used for successful path traversal, `/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/../../../etc/passwd`, e.g.

```
curl --path-as-is localhost:8000/file=/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/../../../etc/passwd
```

1. Upload a file via the `/upload` endpoint and retrieve the temporary file path.
2. Request `"/etc/passwd"`, like `"/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/../../../etc/passwd"` (maybe you can recommend another file that should be requested?), via the `/file=` endpoint and retrieve the file contents.

@maoning PR for testbed: https://github.com/google/security-testbeds/pull/38
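As an added illustration (this is not code from the post, from Gradio, or from the Tsunami plugin), the Python below contrasts a containment check of the kind the analysis above describes, which only rejects a relative path that starts with `..`, with a hardened check that normalises both sides before comparing. The function names `naive_is_in_or_equal`, `hardened_is_in_or_equal` and `compare` are hypothetical; the sample paths reuse the post's own examples, and the `9dbba294...` directory name is taken from the post purely as a sample value.

```python
"""Naive vs. hardened containment check for a /file=<path> style endpoint.

Added illustration for the traversal described in the thread. The naive
check reproduces the flawed logic the post describes (reject only when the
relative form starts with ".."); the hardened check is what a defender wants
instead. Neither function is Gradio's own code.
"""
import os
from pathlib import PurePosixPath


def naive_is_in_or_equal(path: str, directory: str) -> bool:
    """Flawed check (hypothetical name): make `path` relative to `directory`
    and reject it only when the relative form *starts* with "..".
    Pure paths never touch the filesystem, and pathlib does not collapse
    "..", so "three/../../../file.txt" slips through."""
    try:
        rel = PurePosixPath(path).relative_to(directory)
    except ValueError:
        return False  # different prefix entirely: not under directory
    return not str(rel).startswith("..")


def hardened_is_in_or_equal(path: str, directory: str) -> bool:
    """Correct check (hypothetical name): normalise both sides first
    (realpath collapses "..", and resolves symlinks for components that
    exist), then require `directory` to be a whole-component prefix of
    `path`. commonpath compares components, so "/tmp/gradio" is not a
    prefix of "/tmp/gradio2/x"."""
    real_path = os.path.realpath(path)
    real_dir = os.path.realpath(directory)
    try:
        return os.path.commonpath([real_path, real_dir]) == real_dir
    except ValueError:
        return False  # mixed drives on Windows; treat as outside


def compare(path: str, directory: str) -> dict:
    """Return both verdicts plus the lexically normalised target, i.e. the
    path the OS would actually try to open."""
    return {
        "naive_allows": naive_is_in_or_equal(path, directory),
        "hardened_allows": hardened_is_in_or_equal(path, directory),
        "resolves_to": os.path.normpath(path),
    }


# Constructed samples: the post's /one/two example, the /tmp/gradio case,
# a legitimate upload path, and a payload with no matching prefix.
SAMPLES = [
    ("/one/two/three/../../../file.txt", "/one/two"),
    ("/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/../../../etc/passwd",
     "/tmp/gradio"),
    ("/tmp/gradio/9dbba294c83fef4e2a0ce799f105514d8e4c6d25/myfile.txt",
     "/tmp/gradio"),
    ("../etc/passwd", "/tmp/gradio"),
]

if __name__ == "__main__":
    for sample_path, sample_dir in SAMPLES:
        print(f"{sample_dir!r:14} {sample_path}")
        print("   ", compare(sample_path, sample_dir))
```

Note that the hardened check does not depend on the intermediate directories existing: `os.path.realpath` falls back to lexical normalisation for components it cannot `lstat`, so the verdict is the same whether or not `/tmp/gradio/<hash>/` has been created by a prior upload, which is exactly the property the flawed check lacks.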
@inkz Thanks for the detailed analysis. Please submit our participation form and you can start working on the development.
@maoning submitted detector here: https://github.com/google/tsunami-security-scanner-plugins/pull/446
Hi @inkz,
Your PR has been merged. This usually means a reward will be granted. Google will start the internal QC process and the reward amount will be determined based on the quality of the detector report. Please be patient and allow up to a week for the QC process to finish. You'll be notified once the decision is made.
Thanks!
@vsutedjo thank you!
@inkz Thank you for the contribution, the reward has been granted.
@maoning thank you!
Create a Tsunami plugin to find exposed Gradio interface: https://github.com/gradio-app/gradio
Check if the following are possible via the exposed UI:
Please read the rules of engagement first at https://github.com/google/tsunami-security-scanner-plugins/issues/409.