| Título | MoneyPrinterTurbo GitHub Repository MoneyPrinterTurbo 1.2.6 Arbitrary File Write |
|---|
| Descripción | A critical severity path traversal vulnerability exists in the music upload API endpoint (POST /api/v1/musics) of the application.
The root cause of this vulnerability is the backend service's failure to adequately validate and sanitize the user-submitted filename parameter within multipart/form-data requests. An attacker can craft a filename containing path traversal sequences (../) and an absolute path to bypass the application's intended file storage directory restrictions.
This allows a remote, authenticated attacker to write a file with arbitrary content to an arbitrary location on the server's filesystem. In the provided proof-of-concept, the attacker writes a malicious cron job to the highly sensitive /etc/cron.d/ directory. For this specific exploit vector to succeed, the cron service must be installed and running on the target server. An active cron service will execute tasks in this directory with root privileges, allowing the attacker to achieve full Remote Code Execution (RCE) within one minute and leading to a complete compromise of the victim server. |
|---|
| Fuente | ⚠️ https://www.notion.so/Arbitrary-File-Write-Vulnerability-in-MoneyPrinterTurbo-1-2-6-288014c4d9ca809bb411e4fe875d1e22 |
|---|
| Usuario | xuanSAMA (UID 73290) |
|---|
| Sumisión | 2025-10-10 07:41 (hace 8 meses) |
|---|
| Moderación | 2025-10-10 15:35 (8 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 327929 [harry0703 MoneyPrinterTurbo hasta 1.2.6 API Endpoint music.py upload_music Archivo recorrido de directorios] |
|---|
| Puntos | 17 |
|---|