Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.10.0存在任意文件读取漏洞 #2346

Closed
xiaognag4344 opened this issue Oct 24, 2023 · 2 comments · Fixed by #2349
Closed

v1.10.0存在任意文件读取漏洞 #2346

xiaognag4344 opened this issue Oct 24, 2023 · 2 comments · Fixed by #2349
Labels
bug Something isn't working

Comments

@xiaognag4344
Copy link

重现步骤

  1. POST /sql_analyze/analyze/ HTTP/1.1
    image

预期外的结果

存在任意文件读取漏洞

日志文本

No response

版本

v1.10.0

部署方式

Docker

是否还有其他可以辅助定位问题的信息?比如数据库版本等

No response
@LeoQuote LeoQuote added the bug Something isn't working label Oct 24, 2023
@LeoQuote

This comment was marked as outdated.

Sign in to view
@LeoQuote
Copy link
Collaborator

看了下, 是 soar 这边既可接受 sql 语句又可接受文件路径导致的, 这块如果说过滤请求, 不是特别好判断是不是真正的 SQL 语句, 我这边做了一个针对性修复, 针对你说的读取文件的bug 做了修复

@LeoQuote LeoQuote mentioned this issue Oct 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

针对性修复 sql_analyze 读取文件的 bug LeoQuote/archery
2 participants
@LeoQuote @xiaognag4344