Megagao SSM-ERP and Production_SSM Path Traversal Vulnerability in File Download Function

Vulnerability

A path traversal vulnerability has been identified in Megagao SSM-ERP and Production_SSM version 1.0. The flaw is in FileController.java, specifically in the handleFileDownload function of the file handler: the file name supplied in a download request is not adequately validated, so a remote attacker can manipulate it and potentially read arbitrary files on the server.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive files on the server, allowing attackers to read arbitrary files outside the intended directory.

Reproduction

To reproduce this vulnerability, install the application and configure the database and Tomcat server. After starting the project, log into the backend and intercept a file download request. The vulnerability is triggered by sending a request to the '/file/download?fileName=' endpoint with a file name that contains directory traversal sequences such as '..', which causes the server to return files outside the intended download directory.

Remediation

It is recommended to update the file handling logic to validate and sanitize the file name input, rejecting directory traversal characters and patterns before the file is opened. Also ensure that the application does not depend on vulnerable versions of its framework or libraries that could introduce similar issues.
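The following is an added example of the recommended check, not code from the Megagao project: it rejects separators and traversal components in the requested name and then verifies that the resolved path still lies inside the download directory. The base directory path, class name and method name are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example, not code from the Megagao project: a hardened file-name check
// that a download handler would run before opening the file. The base
// directory, class and method names are assumptions.
public class SafeDownload {
    // Directory that downloads are allowed to come from (assumed location).
    private static final Path BASE_DIR =
            Paths.get("/opt/ssm/uploads").toAbsolutePath().normalize();

    /** Returns the resolved path for fileName, or throws if it must not be served. */
    public static Path resolveDownload(String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // A download name should be a bare file name: reject separators,
        // traversal components and NUL bytes before touching the filesystem.
        if (fileName.contains("/") || fileName.contains("\\")
                || fileName.contains("..") || fileName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("illegal characters in file name");
        }
        // Defence in depth: resolve against the base directory and verify the
        // normalized result is still inside it, so anything the character
        // filter misses is still caught.
        Path target = BASE_DIR.resolve(fileName).normalize();
        if (!target.startsWith(BASE_DIR)) {
            throw new SecurityException("path escapes base directory: " + fileName);
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed inputs: one legitimate name and two traversal attempts.
        String[] samples = {"report.pdf", "../../application.properties", "..\\secret.txt"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> allowed: " + resolveDownload(s));
            } catch (IllegalArgumentException | SecurityException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The handler should still confirm that the returned path exists and is readable before streaming it, and should log rejected names so traversal attempts are visible in monitoring.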

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm scores:
  spread          0.0
  impact          3.3
  exploitability  4.6
  remediation     7.7
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.