Directory Traversal Vulnerability

[0clickjacking0]

Vulnerability file address

internal/controllers/admin/setting/adminSystemController.go line 83 ,c.Query("path") the incoming path value is not filtered, resulting in directory traversal.

path = gstrings.JoinStr(configs.RootPath, c.Query("path"))

	files, err = ioutil.ReadDir(path)
	if err != nil {
		con.Error(c, "获取目录失败")
		return
	}

POC

http://ip:port/admin/setting/system/getdir?path=

Attack results pictures

[gphper]

You're right.，this bug has been fixed