Cola Dnslog Directory Traversal Vulnerability in Version 1.3.2

Vulnerability

A directory traversal vulnerability has been identified in Cola Dnslog version 1.3.2. The issue arises when the application processes DNS queries for TXT records. It concatenates the requested URL with a base path using 'os.path.join', which can be exploited to perform directory traversal or absolute path injection. This flaw may lead to the unauthorized exposure of sensitive information, such as user passwords and tokens.

Impact

Exploitation of this vulnerability could result in arbitrary file read, allowing attackers to access sensitive information stored in files on the server.

Reproduction

The vulnerability can be reproduced by sending a DNS query for a TXT record that includes a directory traversal payload. This can be done using the 'nslookup' command. The query should be directed to the server running Cola Dnslog, and the payload should be crafted to traverse directories and access sensitive files, such as the Windows 'win.ini' file.
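
To illustrate the root cause named above and the check that removes it, the following is an added example (not Cola Dnslog's own code): the unsafe join pattern beside a hardened resolver. The base directory and probe name are constructed for the demonstration, since the advisory does not give the application's real paths.

```python
import os

# Constructed base directory for the demonstration; the application's real
# record directory is not given in the advisory (assumption).
BASE_DIR = os.path.realpath("dns_records")

# Constructed absolute probe name used to show base-path discarding.
ABSOLUTE_PROBE = os.path.join(os.path.abspath(os.sep), "probe.txt")


def unsafe_record_path(name: str) -> str:
    """The pattern the advisory describes: the queried name is joined straight
    onto the base path. os.path.join drops every earlier component when a
    later one is absolute and keeps '..' segments verbatim, so the result can
    point anywhere on the filesystem."""
    return os.path.join(BASE_DIR, name)


def escapes_base(name: str) -> bool:
    """True when the unsafe join yields a path outside BASE_DIR."""
    resolved = os.path.realpath(unsafe_record_path(name))
    try:
        return os.path.commonpath([BASE_DIR, resolved]) != BASE_DIR
    except ValueError:
        return True  # different drives on Windows: certainly outside


def safe_record_path(name: str):
    """Hardened lookup: reject absolute names, resolve the candidate (which
    collapses '..' and symlinks) and require it to remain inside BASE_DIR.
    Returns the resolved path, or None when the name would escape."""
    if not name or os.path.isabs(name):
        return None
    candidate = os.path.realpath(os.path.join(BASE_DIR, name))
    try:
        inside = os.path.commonpath([BASE_DIR, candidate]) == BASE_DIR
    except ValueError:
        inside = False
    return candidate if inside else None
```

The containment check uses os.path.commonpath rather than a string prefix test, so a sibling directory whose name merely begins with the base path is also rejected.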

Added: Dec 26, 2025, 4:20 PM
Updated: Dec 26, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 8.7
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.