Eosphoros AI DB-GPT Arbitrary File Write Vulnerability via SQL Injection in Chart Run API

In Eosphoros AI DB-GPT version 0.6.0, the web API endpoint POST /api/v1/editor/chart/run is vulnerable to SQL injection, allowing the execution of arbitrary SQL queries without access control. This vulnerability can be exploited to perform arbitrary file writes, potentially leading to remote code execution by writing malicious files, such as __init__.py, into Python's site-packages directory.

Impact

Exploitation of this vulnerability allows unauthorized users to write arbitrary files to the victim's file system, with the potential for remote code execution by placing malicious files in locations recognized by the Python interpreter.

Reproduction

To reproduce this vulnerability, first set up the DB-GPT application by running the dbgpt_server.py script. Once the server is running, create a DuckDB database connection named 'testDuckDB' that points to an in-memory database. After establishing the connection, send a POST request to the /api/v1/editor/chart/run endpoint, including a SQL command that uses the DuckDB COPY function to write a file, such as '/tmp/hacked', with a payload like 'hackedxxx!'. This request will execute the SQL injection, demonstrating the arbitrary file write vulnerability.

Remediation

The API endpoint should be secured by implementing access controls, such as requiring administrator permissions, to prevent unauthorized users from executing risky SQL operations.