sjqzhang / go-fastdfs

go-fastdfs is a simple distributed file system (private cloud storage) with no central node, high performance, high reliability and no maintenance burden. It supports resumable uploads, chunked uploads, small-file merging, automatic synchronization and automatic repair (similar to fastdfs).
https://gitee.com/sjqzhang/go-fastdfs
The Unlicense
3.94k stars, 747 forks

Path traversal in sjqzhang/go-fastdfs #392

Closed. an5er closed this 1 year ago

an5er commented 1 year ago

Description

When uploading files, there are no restrictions on file names and custom paths, so you can upload files to any directory through ../

Proof of Concept

[image 1] [image 2] [image 3]

You can see that the files we uploaded were uploaded to the root directory.

Impact

If the user disables enable_distinct_file, RCE can be performed by rewriting a configuration file, such as rewriting the ssh password to take over the host. [image]

If enable_distinct_file is true, the ability to upload files to any location means that we may hijack a dynamic link library by uploading our own library to a higher-priority directory, resulting in RCE. [image]

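For reference, the bug class described in the report next to a lexical containment check, as an added Go example. This is not go-fastdfs's own code and does not reproduce the v1.4.4 fix; the store root `/data/files`, the function names and the parameter names (`userDir`, `fileName`) are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a user-supplied path would land outside the upload root.
var ErrTraversal = errors.New("path escapes upload root")

// unsafeUploadPath shows the bug class from the report: the user-controlled
// directory and file name are joined onto the store root with no check, so
// "../" segments walk out of the root. Hypothetical code, not go-fastdfs's.
func unsafeUploadPath(root, userDir, fileName string) string {
	return filepath.Join(root, userDir, fileName)
}

// safeUploadPath is the hardened form. The file name must be a single path
// element, and the cleaned target must resolve to a location under root.
func safeUploadPath(root, userDir, fileName string) (string, error) {
	// Reject anything that is not a plain file name (no separators, no "..").
	if fileName == "" || fileName == "." || fileName == ".." ||
		strings.ContainsAny(fileName, `/\`) {
		return "", fmt.Errorf("invalid file name %q", fileName)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so any ".." in userDir is resolved here.
	target := filepath.Join(absRoot, userDir, fileName)
	// Rel expresses target relative to root; a leading ".." means it climbed out.
	rel, err := filepath.Rel(absRoot, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return target, nil
}

func main() {
	const root = "/data/files" // hypothetical store root
	// Constructed inputs: one legitimate upload and three traversal attempts.
	cases := []struct{ dir, name string }{
		{"images/2024", "a.png"}, // legitimate upload
		{"../../etc", "passwd"},  // traversal via the custom path
		{"images", "../passwd"},  // traversal via the file name
		{"/etc", "passwd"},       // absolute path stays under root after Join
	}
	for _, c := range cases {
		fmt.Printf("unsafe: %s\n", unsafeUploadPath(root, c.dir, c.name))
		if p, err := safeUploadPath(root, c.dir, c.name); err != nil {
			fmt.Printf("safe:   rejected (%v)\n", err)
		} else {
			fmt.Printf("safe:   %s\n", p)
		}
	}
}
```

The check is purely lexical: it stops `../` and absolute paths, but a symlink that already exists inside the root and points outside it is not caught. If the store root can contain symlinks, resolve the parent directory with `filepath.EvalSymlinks` after it exists and repeat the containment check on the resolved path.
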
lzskyline commented 1 year ago

title: "go-fastdfs"

sjqzhang commented 1 year ago

The issue has been fixed in v1.4.4.