Reggie Path Traversal Vulnerability in CommonController Download Function

A critical path traversal vulnerability has been identified in the Reggie application, version 1.0. The issue arises in the CommonController's download method, located in src/main/java/com/itheima/reggie/controller/CommonController.java. The vulnerability allows remote attackers to manipulate the name parameter, enabling them to download arbitrary files without authentication. The default file upload and download paths are set to D:\img\, as specified in the application.yml configuration file.

Impact

Exploitation of this vulnerability allows for unauthorized file downloads, potentially leading to the exposure of sensitive information.

Reproduction

To reproduce this vulnerability, send a GET request to the /common/download endpoint with a crafted name parameter that includes path traversal sequences, such as '/../etc/passwd'. This request can be made using a tool like curl or Postman, targeting the application's server address and port.