| Title | moxi159753 mogu_blog_v2 <=v5.2 Path Traversal / Zip Slip |
|---|
| Description | mogu_blog_v2, a microservice-based blog system, contains a Zip Slip path traversal vulnerability in the network disk file decompression functionality. The /networkDisk/unzipFile endpoint calls FileOperation.unzip() which extracts ZIP archives without validating entry names. At line 241 of FileOperation.java, file paths are constructed directly as new File(destDirPath + "/" + entry.getName()) without checking for path traversal sequences or ensuring the resolved canonical path remains within the target directory. Authenticated attackers with network disk access can upload malicious ZIP files containing entries with names like ../../../../config/application.yml or ../../../../tmp/malicious.sh. When the ZIP is extracted, these files are written to arbitrary filesystem locations, escaping the intended extraction directory. This enables attackers to overwrite critical application configuration files, deploy webshells to web-accessible directories, modify executable scripts, or write to system locations, leading to remote code execution and complete system compromise. The vulnerability requires authentication but allows low-privileged users to achieve code execution through arbitrary file write. |
|---|
| Source | ⚠️ https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-zip_slip-1/report.md |
|---|
| User | sh7err05 (UID 92498) |
|---|
| Submission | 11/10/2025 14:39 (7 months ago) |
|---|
| Moderation | 11/30/2025 20:51 (20 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 333825 [moxi159753 Mogu Blog v2 up to 5.2 ZIP File /networkDisk/unzipFile FileOperation.unzip fileUrl path traversal] |
|---|
| Points | 20 |
|---|