
CVE-2023-33510: jeecg-p3-biz-chat-1.0.5.jar has Arbitrary file read vulnerability

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.


First, let's find the URL to download jeecg-p3-biz-chat-1.0.5.jar:

https://maven.jeecg.org/nexus/content/repositories/jeecg/org/jeecgframework/p3/jeecg-p3-biz-chat/1.0.5/

Once the download finishes, open the jar file in a decompiler.

In the getImgByurl method, the file to read is taken from the GET parameter dbPath. The code builds the path by concatenation into the variable imgurl and then reads the file with FileInputStream. There are no security restrictions on the path in dbPath, so we can pass ../../../../ sequences to read any file.

So the PoC is:

/chat/imController/showOrDownByurl.do?dbPath=../../../../../../../etc/passwd

For testing we build jeecgboot, because that code base uses this component.

https://github.com/jeecgboot/jeecg

Once the build is complete, we send the PoC:

curl http://192.168.31.207:8061/chat/imController/showOrDownByurl.do?dbPath=../../../../../../etc/passwd

As you can see, it works.
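
A hardened form of the path handling described above for getImgByurl, as an added example that is not part of the original write-up and is not the Jeecg project's code. The class name, method name and temporary base directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeDbPath {
    // Resolve a request-supplied dbPath under baseDir; reject anything that escapes it.
    // (Hypothetical helper; names are not taken from the decompiled jar.)
    static Path resolveUnderBase(Path baseDir, String dbPath) throws IOException {
        if (dbPath == null || dbPath.isEmpty() || dbPath.indexOf('\0') >= 0) {
            throw new SecurityException("invalid dbPath");
        }
        Path base = baseDir.toRealPath();                   // canonical base, symlinks resolved
        Path candidate = base.resolve(dbPath).normalize();  // collapses "../" segments
        // Path.startsWith compares whole path elements, not string prefixes,
        // so /data/img-evil does not pass as being under /data/img.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("dbPath escapes base directory");
        }
        Path real = candidate.toRealPath();                 // follow symlinks, then re-check
        if (!real.startsWith(base)) {
            throw new SecurityException("dbPath resolves outside base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary image directory with one file in it.
        Path base = Files.createTempDirectory("chat-img");
        Files.write(base.resolve("avatar.png"), new byte[] {1, 2, 3});

        String[] inputs = {
            "avatar.png",
            "../../../../../../../etc/passwd",  // the traversal form from the PoC above
            "/etc/passwd",                      // absolute path replaces the base in resolve()
            "sub/../avatar.png"                 // stays inside the base after normalize()
        };
        for (String in : inputs) {
            try {
                Path p = resolveUnderBase(base, in);
                System.out.println("ALLOW " + in + " -> " + Files.size(p) + " bytes");
            } catch (SecurityException | IOException e) {
                System.out.println("BLOCK " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the path returned by the check should be opened; opening the original concatenated string after validating a different value reintroduces the flaw.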
