mirror of
https://github.com/quasar/Quasar.git
synced 2026-04-25 23:35:58 +03:00
[GH-ISSUE #623] Security vulnerability in File Manager Download function #380
Labels
No labels
bug
bug
cant-reproduce
discussion
duplicate
easy
enhancement
help wanted
improvement
invalid
need more info
pull-request
question
wont-add
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/Quasar#380
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @MaxXor on GitHub (Oct 9, 2017).
Original GitHub issue: https://github.com/quasar/Quasar/issues/623
Originally assigned to: @MaxXor on GitHub.
There exists a security vulnerability in the File Manager Download function which can be only exploited when the File Manager Window in the Server is opened (needs to be the Window on the malicious Client). If the File Manager Window is closed then it's not exploitable.
By modifying the Filename to a path like
..\..\filein DoDownloadFileResponse Client packet the Server will accept the file download and place the file outside of the download directory.Affected versions: v1.0.0.0 - 1.3.0.0
@ViCrack commented on GitHub (Apr 17, 2018):
对于这个目录回溯的漏洞,在
HandleGetKeyloggerLogsResponse方法中也可能有类似的情况出现,比如获取日志文件的名称04-17-2018中包含
..\..\。For loopholes in this directory, a similar situation may occur in the
HandleGetKeyloggerLogsResponsemethod.For example, get the name of the log file 04-17-2018 contains..\..\@MaxXor commented on GitHub (Apr 17, 2018):
@ViCrack Thanks for reporting this, I'll check it.
edit: Fixed, thank you! 👍