Eosphoros AI DB-GPT Arbitrary File Write Vulnerability via SQL Injection in DuckDB

A vulnerability in Eosphoros AI DB-GPT version 0.6.0 allows for arbitrary file write on the victim's file system. This issue arises from the web API POST /api/v1/editor/sql/run, which permits the execution of arbitrary SQL queries without access control. Exploiting this vulnerability with DuckDB SQL could lead to remote code execution.

Impact

Exploitation of this vulnerability allows unauthorized users to write arbitrary files to the victim's file system, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, first upload the application and run the server. Then, send a POST request to the /api/v1/chat/db/add endpoint to create a DuckDB database connection. After establishing the connection, send a POST request to the /api/v1/editor/sql/run endpoint with a crafted SQL query that uses the DuckDB COPY command to write a file to the file system. The example SQL query writes a file named 'hacked' in the '/tmp/' directory, demonstrating the arbitrary file write capability.

Remediation

Users are advised to update to version 0.6.1 or later, where this vulnerability has been fixed.