Four-Faith Water Conservancy Informatization Platform Path Traversal Vulnerability in File Download Function
Vulnerability
A critical path traversal vulnerability has been identified in version 1.0 of the Four-Faith Water Conservancy Informatization Platform. The issue arises in the 'historyDownload.do;usrlogout.do' endpoint, where the 'fileName' parameter is not properly validated, allowing unauthenticated attackers to read arbitrary files from the server, including sensitive configuration data. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows for arbitrary file read access, enabling attackers to retrieve sensitive files from the server, such as configuration files and other critical data.
Reproduction
To reproduce this vulnerability, send a GET request to the 'historyDownload.do;usrlogout.do' endpoint with a crafted 'fileName' parameter that includes directory traversal sequences. This will bypass the application's file access restrictions and allow access to arbitrary files on the server.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.