Arbitrary File Deletion Vulnerability in ureport V2.2.9
Author: idam0n
Ureport's report deletion function allows attackers to perform directory traversal, which can cause arbitrary files to be deleted.
Download the jar release from GitHub: https://github.com/youseries/ureport
View the source code of the report deletion function in file: ureport2-core-2.2.9.jar, method: com.bstek.ureport.provider.report.file.deleteReport
The source code builds the target path by concatenating the user-supplied report name onto the storage directory without validating it, so arbitrary files can be deleted through directory traversal.
Build an environment to verify the vulnerability:

Save a report, then delete it and capture the request to obtain the HTTP message:

Try to delete the existing file /root/del.test
It should also be noted that the function has no access control, so it can be reached by any user.
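The root cause described above is a path built by string concatenation and never checked against the intended storage directory. The following is an added example, not ureport's code and not the contents of deleteReport: the class name ReportStore, the methods deleteReportUnsafe and deleteReportSafe, and the temp-directory layout are all hypothetical. It places the concatenation pattern beside a hardened version that normalises the path, requires it to stay under the canonical report directory, and re-checks the real path so a symlink cannot escape either.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example, not ureport's own code. ReportStore and its methods are hypothetical names.
public class ReportStore {
    private final Path reportDir;

    public ReportStore(Path reportDir) throws IOException {
        // Canonicalise the base directory once so later prefix checks compare like with like
        this.reportDir = reportDir.toRealPath();
    }

    // Vulnerable pattern: the caller-supplied name is appended to the base path and the
    // result is deleted without validation, so "../" segments leave the report directory.
    public boolean deleteReportUnsafe(String name) throws IOException {
        Path target = Paths.get(reportDir.toString() + "/" + name);
        return Files.deleteIfExists(target);
    }

    // Hardened version: reject separators and dot-dot, resolve against the base, normalise,
    // and require the result (and its real path) to remain inside the report directory.
    public boolean deleteReportSafe(String name) throws IOException {
        if (name == null || name.isEmpty()
                || name.contains("/") || name.contains("\\") || name.contains("..")) {
            throw new IllegalArgumentException("invalid report name: " + name);
        }
        Path target = reportDir.resolve(name).normalize();
        if (!target.startsWith(reportDir)) {
            throw new IllegalArgumentException("path escapes report directory: " + name);
        }
        // toRealPath() follows symlinks; a link inside the directory must not point outside it
        if (Files.exists(target) && !target.toRealPath().startsWith(reportDir)) {
            throw new IllegalArgumentException("symlink escapes report directory: " + name);
        }
        return Files.deleteIfExists(target);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a report directory and a sibling file standing in for /root/del.test
        Path base = Files.createTempDirectory("reports");
        Path outside = Files.createTempFile("outside", ".test");
        Files.writeString(base.resolve("sales.ureport.xml"), "<ureport/>");

        ReportStore store = new ReportStore(base);
        String traversal = "../" + outside.getFileName();

        // The hardened method refuses the traversal name before touching the file system
        try {
            store.deleteReportSafe(traversal);
        } catch (IllegalArgumentException e) {
            System.out.println("safe: rejected -> " + e.getMessage());
        }
        // ...but still deletes a legitimate report by name
        System.out.println("safe: deleted sales report = " + store.deleteReportSafe("sales.ureport.xml"));

        // The concatenation pattern deletes the sibling file, which is the reported behaviour
        System.out.println("unsafe: deleted outside file = " + store.deleteReportUnsafe(traversal));
        System.out.println("outside file still exists = " + Files.exists(outside));
        Files.deleteIfExists(base);
    }
}
```

The decisive check is the startsWith comparison on normalised and canonical paths, not the string filter alone; the filter only gives an early, clearly logged rejection. The same prefix check is the place to hang an authorisation decision, which addresses the missing access control noted above.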