Submission #573678: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Directory Traversal and Arbitrary File Reading Vulnerability

Information

Title: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Directory Traversal and Arbitrary File Reading Vulnerability
Description:
1. Vulnerability name: Directory traversal and arbitrary file reading vulnerability in the IIS-K3CloudMiniApp component of Kingdee Cloud-Starry-Sky Enterprise Edition.
2. Vulnerability contributor and submitter: caichaoxiong
3. Vulnerability level: High risk.
4. Vulnerability description: The IIS-K3CloudMiniApp component of Kingdee Cloud-Starry-Sky Enterprise Edition contains a path traversal and arbitrary file reading vulnerability caused by a security defect. By constructing special path strings (such as ../../ or ..\..\), an attacker can bypass the directory restrictions the application is expected to enforce and read arbitrary sensitive files on the application system, leading to large-scale leakage of sensitive information.
5. Repair plan:
(1) Path traversal token interception: strictly filter user-supplied path parameters at the code level, using regular expressions to intercept traversal sequences such as ../ and ..\ and their encoded forms (such as %2e%2e and %c0%ae). Decode the parameter before matching; a literal pattern applied to the raw string misses single- and double-percent-encoded variants.
(2) Whitelist verification: define a whitelist of the file paths or extensions that may be accessed, for example only business-essential files such as .jpg and .pdf under a specified directory. Generate file IDs dynamically instead of exposing file paths directly, so that a path cannot be tampered with through a parameter.
(3) Minimize file permissions: restrict the account the web application runs under to the business directories (such as /var/www/html) and deny it read access to sensitive system files (such as /etc/passwd).
(4) Path normalization and encoding handling: normalize the user-supplied path, resolve it to an absolute path, and check that the resolved path lies within the allowed directory. Perform the containment check on the resolved path, after ".." segments have been collapsed and symbolic links followed, rather than on the raw input.
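The repair plan's steps (1), (2) and (4) combined into one runnable check, as an added example that is not part of this submission or of Kingdee's code. It assumes a hypothetical base directory and allow-list of .jpg and .pdf, a hypothetical request parameter carrying a relative path, and a constructed sample file layout created in a temporary folder; the blacklist regex is included only to show which encoded inputs it misses and the resolve-then-contain check catches.

```python
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Hypothetical extension allow-list (the advisory names .jpg and .pdf as examples).
ALLOWED_EXTENSIONS = {".jpg", ".pdf"}

# Step (1): traversal token interception. Kept here to demonstrate that a literal
# pattern blocks "../" but not every encoded or doubly encoded variant.
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\|%2e%2e|%c0%ae", re.IGNORECASE)


class PathRejected(ValueError):
    """Raised for any user path that fails the checks below."""


def naive_filter_catches(user_path: str) -> bool:
    """True if the blacklist regex alone would have blocked user_path."""
    return TRAVERSAL_RE.search(user_path) is not None


def decode_fully(user_path: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e (double-encoded ..) is seen as '..'.
    Input still changing after max_rounds is rejected outright."""
    current = user_path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    raise PathRejected("too many layers of percent-encoding")


def resolve_under_base(base_dir: str, user_path: str) -> Path:
    """Step (4): normalize, resolve to an absolute path and confirm it stays under
    base_dir; then step (2): enforce the extension allow-list.
    Returns the resolved path or raises PathRejected."""
    base = Path(base_dir).resolve()
    decoded = decode_fully(user_path)
    if "\x00" in decoded:
        raise PathRejected("null byte in path")
    # IIS treats backslash as a separator; normalize it so ..\..\ is not missed.
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/") or Path(decoded).is_absolute():
        raise PathRejected("absolute paths are not accepted")
    # resolve() collapses ".." and follows symlinks, so a link inside the base
    # that points outside it is rejected as well.
    candidate = (base / decoded).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathRejected("path escapes the base directory") from None
    if candidate.suffix.lower() not in ALLOWED_EXTENSIONS:
        raise PathRejected("file type not on the allow-list")
    return candidate


def is_allowed(base_dir: str, user_path: str) -> bool:
    try:
        resolve_under_base(base_dir, user_path)
        return True
    except PathRejected:
        return False


def read_allowed_file(base_dir: str, user_path: str) -> bytes:
    return resolve_under_base(base_dir, user_path).read_bytes()


def build_demo_dir() -> tuple:
    """Constructed sample layout: <root>/www is the web base directory and
    <root>/secret.txt stands in for a sensitive file outside it."""
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    base = os.path.join(root, "www")
    os.makedirs(os.path.join(base, "docs"))
    with open(os.path.join(base, "docs", "report.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 constructed sample")
    with open(os.path.join(base, "notes.txt"), "w") as f:
        f.write("inside the base but not on the allow-list")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("outside the base directory")
    return root, base


if __name__ == "__main__":
    _, base = build_demo_dir()
    probes = [
        "docs/report.pdf",          # legitimate request
        "../secret.txt",            # plain traversal
        "..%2fsecret.txt",          # single-encoded slash
        "%252e%252e/secret.txt",    # double-encoded dots
        "..\\secret.txt",           # backslash form
        "docs/../../secret.txt",    # traversal after a valid directory
        "/etc/passwd",              # absolute path
        "notes.txt",                # inside base, wrong extension
        "docs/report.pdf%00.jpg",   # null-byte extension trick
    ]
    for p in probes:
        print(f"{p!r:28} blacklist={naive_filter_catches(p)!s:5} allowed={is_allowed(base, p)}")
```

Because the containment check runs on the resolved path, an input such as ../www/docs/report.pdf that wanders out and back into the base is accepted; if the application also wants to refuse any ".." at all, run the step (1) filter on the decoded string in addition to, not instead of, the resolve-then-contain check.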
Source: ⚠️ https://wx.mail.qq.com/s?k=hk3Fixc6Z1cKMI9rge
User: caichaoxiong (UID 84060)
Submitted: 08/05/2025 12:16 PM (12 months ago)
Moderated: 04/08/2025 07:57 AM (3 months later)
Status: Approved
VulDB Entry: 318642 [Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2 IIS-K3CloudMiniApp FileUploadAction.class filePath directory traversal]
Points: 17
