| タイトル | https://github.com/yeqifu carRental latest Path Traversal |
|---|
| 説明 | carRental is an open-source web application developed based on SpringBoot. In carRental, there is neither permission verification nor input sanitization, which allows for path traversal and the ability to read arbitrary files.
com.yeqifu.sys.controller.FileController#downloadShowFile is the entrance to the taint, no authorization is required. The downloadFile() function in the com.yeqifu.sys.utils.AppFileUtils class does not filter the incoming path parameter and fails to validate, allowing attackers to inject characters such as ../ to perform path traversal, ultimately leading to arbitrary file download. The value of the path parameter uses a relative path format, allowing any file to be downloaded. |
|---|
| ソース | ⚠️ https://github.com/yeqifu/carRental/issues/46 |
|---|
| ユーザー | mukyuuhate (UID 93052) |
|---|
| 送信 | 2025年12月24日 14:26 (4 月 ago) |
|---|
| モデレーション | 2026年01月01日 12:31 (8 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 339354 [yeqifu carRental 迄 3fabb7eae93d209426638863980301d6f99866b3 com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path ディレクトリトラバーサル] |
|---|
| ポイント | 20 |
|---|