This repository has been archived by the owner on Mar 17, 2024. It is now read-only.
Security vulnerability in File Manager Download function #623
Assignees
Labels
Comments
|
对于这个目录回溯的漏洞,在 For loopholes in this directory, a similar situation may occur in the |
|
@ViCrack Thanks for reporting this, I'll check it. edit: Fixed, thank you! 👍 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
There exists a security vulnerability in the File Manager Download function which can be only exploited when the File Manager Window in the Server is opened (needs to be the Window on the malicious Client). If the File Manager Window is closed then it's not exploitable.
By modifying the Filename to a path like
..\..\filein DoDownloadFileResponse Client packet the Server will accept the file download and place the file outside of the download directory.Affected versions: v1.0.0.0 - 1.3.0.0
The text was updated successfully, but these errors were encountered: