Jeecgboot Path Traversal Vulnerability Allowing Arbitrary File Uploads

A path traversal vulnerability has been identified in Jeecgboot versions through 3.8.2. The issue resides in the file upload endpoint '/sys/comment/addFile', which is part of the '/sys/upload/uploadMinio' function. This vulnerability allows attackers to upload files with extensions whitelisted by the system to the '/opt' directory, rather than the intended '/opt/upFiles' directory. The vulnerability arises because the 'bizPath' parameter only filters out certain directory traversal sequences, leaving room for exploitation by manipulating the 'biz' parameter.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads into the '/opt' directory, where various critical applications are commonly installed. This could allow attackers to replace legitimate application files with malicious ones, potentially executing harmful code under the guise of a trusted application.

Reproduction

To reproduce this vulnerability, send a file upload request to the '/sys/comment/addFile' endpoint. Set the 'biz' parameter to include directory traversal sequences that bypass the server's basic filtering. Once the file is uploaded, check the response and the '/opt' directory to confirm the successful exploitation.