| Title | https://github.com/1541492390c/yougou-mall yougou-mall 1.0 Delete any file |
|---|---|
| Description | The 1.0 version of Yougou Mall's ResourceController.java interface has an arbitrary file deletion vulnerability, as its interface does not fully detect file names and directories, allowing attackers to exploit it. The ./ symbol is encoded to bypass detection, causing arbitrary file deletion. This code only segments the target string using '/' and only verifies if the segmented segment is' Or To prevent path traversal risks, this protection mechanism has significant flaws. Attackers can bypass detection in various ways, triggering directory traversal vulnerabilities and ultimately leading to high-risk security consequences such as arbitrary file deletion. |
| Source | ⚠️ https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md |
| User | zyhsec (UID 93418) |
| Submission | 2025-12-21 10:38 AM (4 months ago) |
| Moderation | 2025-12-27 09:08 PM (6 days later) |
| Status | Duplicate |
| VulDB entry | 337600 [1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f ResourceController.java upload/delete directory traversal] |
| Points | 0 |