harry0703 MoneyPrinterTurbo Path Traversal Vulnerability in API Endpoint

Vulnerability

A path traversal vulnerability has been identified in harry0703 MoneyPrinterTurbo versions through 1.2.6. The issue arises in the 'upload_music' function within 'app/controllers/v1/music.py' of the API Endpoint component. This vulnerability allows remote attackers to manipulate the 'File' argument, potentially leading to unauthorized file access or modification.

Impact

Exploitation yields an arbitrary file write on the server, which can escalate to remote code execution: for example, if the written file is a malicious cron job placed in the '/etc/cron.d/' directory, it would be executed with root privileges.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/v1/musics' endpoint with a crafted 'File' parameter that includes path traversal sequences (such as '../') and an absolute path. This will bypass the application's file storage restrictions and allow files to be written to arbitrary locations on the server.
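The defensive fix for the root cause described above (a client-controlled filename used to build the destination path of an upload) is to validate the submitted name against a strict allowlist and, as defense in depth, to confirm that the resolved path is still a direct child of the upload directory before writing. The following Python is an added example written for this page; it is not MoneyPrinterTurbo's own code, and the upload directory, the accepted extensions and the function names are assumptions.

```python
"""Hardened handling of a client-supplied upload filename (added example)."""
import re
from pathlib import Path

# Constructed for this example: the only directory uploads may land in, and the
# audio extensions we assume a music upload endpoint should accept.
UPLOAD_DIR = "/tmp/mpt_uploads_example"
ALLOWED_SUFFIXES = {".mp3", ".wav", ".flac"}

# Allowlist for the bare filename: must start with an alphanumeric character
# (so '.', '..' and dotfiles are rejected), may then contain only alphanumerics,
# '.', '_' and '-', and is bounded in length. Path separators ('/' and '\\')
# and NUL bytes cannot match, so traversal sequences never reach the filesystem.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


class UnsafeFilenameError(ValueError):
    """Raised when a submitted filename must not be used to build a path."""


def safe_upload_path(submitted_name: str, base_dir: str = UPLOAD_DIR) -> Path:
    """Return the on-disk path for an upload, or raise UnsafeFilenameError."""
    # 1. Syntactic allowlist on the raw client value.
    if not _SAFE_NAME.fullmatch(submitted_name):
        raise UnsafeFilenameError(f"rejected filename: {submitted_name!r}")
    # 2. Extension allowlist: an upload endpoint for music has no reason to
    #    accept scripts, cron files or other executable content.
    if Path(submitted_name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise UnsafeFilenameError(f"extension not allowed: {submitted_name!r}")
    # 3. Defense in depth: resolve both paths (following symlinks) and insist
    #    that the candidate sits directly inside the upload directory.
    base = Path(base_dir).resolve()
    candidate = (base / submitted_name).resolve()
    if candidate.parent != base:
        raise UnsafeFilenameError(f"path escapes upload directory: {candidate}")
    return candidate


def check_upload_name(submitted_name: str, base_dir: str = UPLOAD_DIR) -> tuple[bool, str]:
    """Non-raising wrapper: (True, resolved path) or (False, rejection reason)."""
    try:
        return True, str(safe_upload_path(submitted_name, base_dir))
    except UnsafeFilenameError as exc:
        return False, str(exc)


def store_upload(data: bytes, submitted_name: str, base_dir: str = UPLOAD_DIR) -> Path:
    """Write an upload only after its destination has been validated."""
    target = safe_upload_path(submitted_name, base_dir)
    target.parent.mkdir(parents=True, exist_ok=True)
    # "xb": create a new file only; never silently overwrite an existing one.
    with open(target, "xb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    # Constructed sample inputs: one benign name and several traversal attempts.
    for name in ["song.mp3", "../../etc/cron.d/evil.mp3", "/etc/cron.d/evil.mp3",
                 "..\\evil.mp3", "a\x00b.mp3", ".hidden.mp3", "script.sh"]:
        print(f"{name!r:32} -> {check_upload_name(name)}")
```

The syntactic check alone already stops every traversal form shown in the demo; the resolved-path comparison is kept so that a future relaxation of the regex (for example, to permit subdirectories) cannot reintroduce the escape silently.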

Added: Oct 11, 2025, 5:19 PM
Updated: Oct 11, 2025, 5:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.2
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.