
'Drogon' Arbitrary File Write Vulnerability #CVE-2022-25297

by 낭람._. 2022. 7. 9.

Target : Drogon

https://github.com/drogonframework/drogon

 

GitHub - drogonframework/drogon: Drogon: A C++14/17/20 based HTTP web application framework running on Linux/macOS/Unix/Windows


 

Description

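The vulnerability arises because the file name is not validated when a file is uploaded using the HttpFile::save() method.

By supplying the file name as a relative path, a file can be uploaded to an arbitrary location.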

 

PoC

filename = "../../../../../../malicious-file"
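
The failure mode described above, as an added example that is not part of the original post and is not Drogon's code: a naive join of an upload directory with the client-supplied file name, next to a lexical containment check that rejects the PoC value. The `./uploads` directory and both function names are assumptions made for illustration.

```cpp
// Added example, not Drogon code. "./uploads" and the function names are assumptions.
#include <cstddef>
#include <iostream>
#include <string>

// Vulnerable pattern: the client-supplied file name is appended unchecked.
std::string naiveJoin(const std::string &uploadDir, const std::string &name)
{
    return uploadDir + "/" + name;
}

// Lexical containment check: walk the components of `name` and track how deep
// below the upload directory the path is. A ".." that would climb above depth 0
// escapes the directory. Both separators are handled so the check also holds
// for Windows-style names.
bool staysInsideUploadDir(const std::string &name)
{
    if (name.empty() || name[0] == '/' || name[0] == '\\')
        return false;  // empty or absolute path
    if (name.size() >= 2 && name[1] == ':')
        return false;  // Windows drive prefix such as C:
    int depth = 0;
    std::string part;
    for (std::size_t i = 0; i <= name.size(); ++i)
    {
        if (i == name.size() || name[i] == '/' || name[i] == '\\')
        {
            if (part == "..")
            {
                if (--depth < 0)
                    return false;  // climbed out of the upload directory
            }
            else if (!part.empty() && part != ".")
                ++depth;
            part.clear();
        }
        else
            part += name[i];
    }
    return depth > 0;  // must name an entry below the directory itself
}

int main()
{
    const std::string poc = "../../../../../../malicious-file";  // value from the PoC above
    std::cout << naiveJoin("./uploads", poc) << "\n";
    std::cout << (staysInsideUploadDir(poc) ? "accepted" : "rejected") << "\n";
    return 0;
}
```

The check is purely lexical, so it does not account for symbolic links that already exist inside the upload directory.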

 

Related links

https://security.snyk.io/vuln/SNYK-UNMANAGED-DROGONFRAMEWORKDROGON-2407243

 


https://github.com/drogonframework/drogon/blob/8ed0434ad8aa2167aed6afe627fed755e428e0bf/examples/file_upload/file_upload.cc

 


https://github.com/drogonframework/drogon/pull/1170

 

Prevent malformed upload path causing arbitrary write by marty1885 · Pull Request #1170 · drogonframework/drogon

This PR prevents a malformed upload path causing the upload function to write outside of the destination directory by checking the upload path. TBH I'm not 100% sure my patch fixes everything and d...


https://github.com/drogonframework/drogon/pull/1174

 

Prevent malformed upload path causing arbitrary write by Kirill89 · Pull Request #1174 · drogonframework/drogon

I suggest to use this implementation instead of #1170 .


 
