提出 #672550: MoneyPrinterTurbo GitHub Repository MoneyPrinterTurbo 1.2.6 Arbitrary File Write
| タイトル | MoneyPrinterTurbo GitHub Repository MoneyPrinterTurbo 1.2.6 Arbitrary File Write |
|---|---|
| 説明 | A critical severity path traversal vulnerability exists in the music upload API endpoint (POST /api/v1/musics) of the application. The root cause of this vulnerability is the backend service's failure to adequately validate and sanitize the user-submitted filename parameter within multipart/form-data requests. An attacker can craft a filename containing path traversal sequences (../) and an absolute path to bypass the application's intended file storage directory restrictions. This allows a remote, authenticated attacker to write a file with arbitrary content to an arbitrary location on the server's filesystem. In the provided proof-of-concept, the attacker writes a malicious cron job to the highly sensitive /etc/cron.d/ directory. For this specific exploit vector to succeed, the cron service must be installed and running on the target server. An active cron service will execute tasks in this directory with root privileges, allowing the attacker to achieve full Remote Code Execution (RCE) within one minute and leading to a complete compromise of the victim server. |
| ソース | ⚠️ https:/ |
| ユーザー | xuanSAMA (UID 73290) |
| 送信 | 2025年10月10日 07:41 (8 月 ago) |
| モデレーション | 2025年10月10日 15:35 (8 hours later) |
| ステータス | 承諾済み |
| VulDBエントリ | 327929 [harry0703 MoneyPrinterTurbo 迄 1.2.6 API Endpoint music.py upload_music ファイル ディレクトリトラバーサル] |
| ポイント | 17 |