| 제목 | https://github.com/yeqifu carRental latest Path Traversal |
|---|
| 설명 | carRental is an open-source web application developed based on SpringBoot. In carRental, there is neither permission verification nor input sanitization, which allows for path traversal and the ability to read arbitrary files.
com.yeqifu.sys.controller.FileController#downloadShowFile is the entrance to the taint, no authorization is required. The downloadFile() function in the com.yeqifu.sys.utils.AppFileUtils class does not filter the incoming path parameter and fails to validate, allowing attackers to inject characters such as ../ to perform path traversal, ultimately leading to arbitrary file download. The value of the path parameter uses a relative path format, allowing any file to be downloaded. |
|---|
| 원천 | ⚠️ https://github.com/yeqifu/carRental/issues/46 |
|---|
| 사용자 | mukyuuhate (UID 93052) |
|---|
| 제출 | 2025. 12. 24. PM 02:26 (4 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 01. PM 12:31 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 339354 [yeqifu carRental 까지 3fabb7eae93d209426638863980301d6f99866b3 com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|