Vulnerability: Arbitrary File Read

[Tritium0041]

Affected Endpoint:

go-chat/api/v1/file_controller.go→ GetFile

Description:

This endpoint allows users to read arbitrary files on the web server. Due to the lack of input sanitization, it is vulnerable to directory traversal, enabling attackers to write files outside the intended directory structure. Vulnerable Code:

// 前端通过文件名称获取文件流，显示文件
func GetFile(c *gin.Context) {
	fileName := c.Param("fileName")
	log.Logger.Info(fileName)
	data, _ := ioutil.ReadFile(config.GetConfig().StaticPath.FilePath + fileName)
	c.Writer.Write(data)
}

Exploitation:

By visiting url: /file/../../../../etc/passwd , the attacker can read any file from web server.