Givanz Vvvebjs Directory Traversal Vulnerability in Save.php Component

Vulnerability

A critical directory traversal vulnerability has been identified in Givanz Vvvebjs versions through 2.0.4. The issue resides in the save.php file within the Node.js component, where the file parameter is not sufficiently sanitized. A remote attacker can manipulate this parameter to write arbitrary files outside the intended directory. Exploitation requires only a crafted POST request that includes a traversal sequence in the file parameter, which causes the server to write to an unauthorized location.

Impact

Exploitation of this vulnerability allows for arbitrary file writing on the server, which could be used to overwrite existing files or create new ones in sensitive locations, potentially leading to further exploitation or disruption of the application.

Reproduction

To reproduce this vulnerability, upload the application to a server and run it using Node.js. Once the application is running, send a POST request to the save.php endpoint with the file parameter set to a traversal sequence that points to a location outside the web root, such as ../flag.txt. This request will demonstrate the path traversal vulnerability by creating a file in the specified location, one level above the server root.

Added: Aug 4, 2025, 7:17 PM
Updated: Aug 4, 2025, 8:41 PM
