Arbitrary File Deletion Vulnerability in ureport V2.2.9. Author: idam0n

Ureport's report deletion function allows attackers to perform directory traversal, which can cause arbitrary files to be deleted.

Download the jar release from GitHub: https://github.com/youseries/ureport

View the source code of the report deletion function in file ureport2-core-2.2.9.jar, method com.bstek.ureport.provider.report.file.deleteReport.

The source code builds the file path by concatenating the report directory with the client-supplied report name, so a name containing directory traversal sequences can point the deletion at files outside the report directory, allowing arbitrary files to be deleted.

Build an environment to verify the vulnerability.

Save a report, then delete it while capturing the traffic to obtain the HTTP request.

Try to delete the existing file /root/del.test.

Send the request.

The file has been deleted.

It should also be noted that the function has no access control, so it can be reached by any user.
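As an added example (not ureport's own code), a hardened shape for a file-backed deleteReport: the report name is resolved against the report directory, normalized, and checked for containment before anything is deleted, instead of being spliced into the path. The class name, the ".ureport.xml" suffix and the temporary report store are assumptions; the authorization check the page says is missing still has to be enforced by the caller in front of this method.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

// Hypothetical hardened delete for a file-backed report provider (assumed names, not ureport's code).
public class SafeReportDelete {
    private final Path reportDir;

    public SafeReportDelete(Path reportDir) throws IOException {
        // toRealPath() gives a canonical base (symlinks resolved) for the containment check below
        this.reportDir = reportDir.toRealPath();
    }

    // Map a client-supplied report name to a path that is guaranteed to lie inside reportDir.
    Path resolveReportPath(String name) {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid report name");
        }
        // resolve() keeps an absolute name as-is and normalize() collapses "../" segments,
        // so startsWith() on the result is a real containment test, not a string prefix check
        Path candidate = reportDir.resolve(name).normalize();
        if (!candidate.startsWith(reportDir) || candidate.equals(reportDir)) {
            throw new SecurityException("path traversal rejected: " + name);
        }
        return candidate;
    }

    public boolean deleteReport(String name) throws IOException {
        Path target = resolveReportPath(name);
        // Defence in depth: only regular, non-symlink files carrying the assumed report suffix
        if (!Files.isRegularFile(target, LinkOption.NOFOLLOW_LINKS)
                || !target.getFileName().toString().endsWith(".ureport.xml")) {
            throw new SecurityException("not a report file: " + name);
        }
        return Files.deleteIfExists(target);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("reports"); // constructed sample report store
        Files.writeString(dir.resolve("sales.ureport.xml"), "<ureport/>");
        SafeReportDelete provider = new SafeReportDelete(dir);
        String[] names = {"sales.ureport.xml", "../../outside.ureport.xml", "/outside.ureport.xml"};
        for (String n : names) {
            try {
                System.out.println(n + " -> deleted=" + provider.deleteReport(n));
            } catch (SecurityException e) {
                System.out.println(n + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Only the first name is deleted; the two traversal-style names are rejected before any filesystem operation, which is the behaviour the concatenation in the original code lacks.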