| शीर्षक | SonicCloudOrg sonic-server 2.0.0 Injection |
|---|
| विवरण | Sonic Server provides file upload functionality through two endpoints: /upload and /upload/v2. Both endpoints accept a type parameter that is intended to specify the upload directory category (e.g., "keepFiles", "imageFiles", "recordFiles", "logFiles", "packageFiles"). However, the application does not enforce any validation on this parameter, allowing an attacker to supply directory traversal sequences such as ../ or ..\\.
The vulnerable code in FileTool.java directly concatenates the user-controlled folderName parameter into the file path without sanitization. It then uses mkdirs() to create directories and transferTo() to write files at the attacker-specified location, effectively bypassing any intended directory restrictions. |
|---|
| स्रोत | ⚠️ https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/2 |
|---|
| उपयोगकर्ता | cccccccti (UID 96695) |
|---|
| सबमिशन | 29/03/2026 11:24 AM (24 दिन पहले) |
|---|
| संयम | 19/04/2026 06:23 PM (21 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 358255 [SonicCloudOrg sonic-server तक 2.0.0 File Upload Endpoint FileTool.java upload प्रकार निर्देशिका ट्रैवर्सल] |
|---|
| अंक | 20 |
|---|