Submission #791083: SuperAGI up to c3c1982 Path Traversal (CWE-22)

Title: SuperAGI up to c3c1982 Path Traversal (CWE-22)
Description:

# Technical Details

An arbitrary file write vulnerability via path traversal exists in the `upload` function in `superagi/controllers/resources.py` of SuperAGI. The application does not sanitize the `file.filename` attribute of the HTTP multipart upload before joining it with the base storage directory. The extension check is applied only to the `name` form field, not to the filename that is actually used to build the path, so an attacker can pass a harmless `name` and a traversal payload in `filename` to write files to arbitrary locations on the server.

# Vulnerable Code

File: superagi/controllers/resources.py (lines 71-77)
Method: upload
Why: The application performs an extension check on the `name` field of the form data, but constructs the file path using the unsanitized `file.filename` attribute. Path traversal sequences (e.g. `../../`) in `file.filename` are preserved across the join, allowing writes outside the intended upload directory. In the default development environment the endpoint lacks authentication enforcement.

# Reproduction

1. Ensure the SuperAGI backend is running.
2. Send the following request with a path traversal payload in the multipart filename (the `name` field stays benign so the extension check passes; the `filename=` parameter of the `file` part carries the traversal):

```
curl -s -X POST "http://127.0.0.1:8001/resources/add/1" \
  -F "name=legit_name.txt" \
  -F "size=24" \
  -F "type=text/plain" \
  -F "file=@/tmp/payload.txt;filename=../../../../../../../../../../tmp/pwned_traversal.txt"
```

   The number of `../` segments only needs to exceed the depth of the storage directory; surplus segments collapse at `/`, so a long chain works regardless of where the directory lives.

3. Verify that the file was written inside the backend container:

```
docker exec -it superagi-backend cat /tmp/pwned_traversal.txt
```

# Impact

- Arbitrary File Write: an attacker can write files to any location on the server filesystem that the backend process can write to.
- Remote Code Execution: by overwriting Python library files, startup scripts, or configuration files, the attacker can achieve RCE.
- The vulnerability is exploitable without authentication in the default development environment (CVSS: Critical).
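To make the flaw concrete, the following Python example models the pattern the advisory describes and places it beside a hardened version. It is an added illustration, not SuperAGI's own code: the function names, the allow-list, and the base directory are assumptions, and the multipart payload is the constructed filename from the reproduction above. The vulnerable helper validates the `name` field but joins the raw `filename`; the safe helper validates the name it actually writes, reduces it to a single path component, and confirms the resolved target still lies under the storage directory.

```python
import os

# Constructed example modelling the advisory; not the project's code.
# The allow-list and base directory are assumptions for illustration.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".csv"}


def extension_allowed(value: str) -> bool:
    """True if `value` ends in an allow-listed extension (case-insensitive)."""
    return os.path.splitext(value)[1].lower() in ALLOWED_EXTENSIONS


def build_upload_path_vulnerable(base_dir: str, name: str, filename: str) -> str:
    """Flawed pattern: the check runs on `name`, but the path uses `filename`.

    `filename` comes verbatim from the multipart Content-Disposition header,
    so '../' components survive the join and the result escapes base_dir.
    An absolute `filename` is even worse: os.path.join discards base_dir.
    """
    if not extension_allowed(name):
        raise ValueError("file type not allowed")
    return os.path.normpath(os.path.join(base_dir, filename))


def build_upload_path_safe(base_dir: str, filename: str) -> str:
    """Hardened version: validate the name that is actually written.

    1. Keep only the last path component; both '/' and '\\' separators are
       treated as separators so Windows-style traversal is neutralised too.
    2. Reject empty or dot names and non-allow-listed extensions.
    3. Resolve the final path and verify it is still inside base_dir
       (defence in depth against symlinks or future join changes).
    """
    leaf = filename.replace("\\", "/").split("/")[-1]
    if leaf in ("", ".", ".."):
        raise ValueError("invalid filename")
    if not extension_allowed(leaf):
        raise ValueError("file type not allowed")
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, leaf))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes upload directory")
    return target


def escapes(base_dir: str, path: str) -> bool:
    """True when `path` resolves outside `base_dir`; used to show the bug."""
    root = os.path.realpath(base_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def safe_rejects(base_dir: str, filename: str) -> bool:
    """True if the hardened builder refuses `filename`."""
    try:
        build_upload_path_safe(base_dir, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    base = "/app/workspace/input"  # assumed storage directory
    payload = "../../../../../../../../../../tmp/pwned_traversal.txt"
    hit = build_upload_path_vulnerable(base, "legit_name.txt", payload)
    print("vulnerable writes to:", hit, "escapes:", escapes(base, hit))
    print("hardened writes to:", build_upload_path_safe(base, payload))
```

The hardened builder does not reject the reproduction payload; it silently strips the traversal and stores `pwned_traversal.txt` inside the upload directory, which is the usual desired behaviour for user uploads. Rejecting instead of normalising is also reasonable, but the essential fix is that the check and the path construction operate on the same value.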
Source: https://gist.github.com/YLChen-007/300843c707435540ce0e23bff3e6173a
User: Eric-y (UID 95889)
Submitted: 27/03/2026 13:03 (24 days ago)
Moderated: 19/04/2026 18:13 (23 days later)
Status: accepted
VulDB Entry: 358250 [TransformerOptimus SuperAGI up to 0.0.14 Multipart Upload resources.py upload path traversal]
Points: 20
