Headline

CVE-2022-34551: Relative Path Traversal · Issue #7 · rawchen/sims

Sims v1.0 was discovered to allow path traversal when downloading attachments.

2 years ago

#vulnerability #mac #windows #linux #js #git #chrome #firefox

****[Suggested description]****

Relative Path Traversal exists in sims. The front end of this open source system is an online examination system. This open source system is a student information management system. An insecurity vulnerability exists when downloading attachments. Attackers can exploit this vulnerability to obtain sensitive server information, such as "/etc/passwd", "backup files", etc.
GET: http://localhost:8081/sims/downloadServlet

****[Vulnerability Type]****

Relative Path Traversal

****[Vendor of Product]****

https://github.com/rawchen/sims

****[Affected Product Code Base]****

1.0

****[Affected Component]****

Sims 1.0

OS: Windows/Linux/macOS

Browser: Chrome、Firefox、Safari

****[Attack vector]****

http://localhost:8081/sims/downloadServlet?filename=../index.jsp

[Attack Type]

Remote

****[Impact Code execution]****

False

****[Proof of concept]****

Step1: Under the “System Management” tab, select "File Release", select any file, and click the “Start Upload” button.

Step2: The upload is successful, and under the “System Management” tab, select “File List” and click the “Download” button to obtain the download interface.

Step3: Refactor the download interface parameters to implement directory spanning and arbitrary file download.

[Reference(s)]

http://cwe.mitre.org/data/definitions/23.html