Improper Input Validation Leading to Local File Inclusion
A Local File Inclusion (LFI) vulnerability was identified in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240310. The vulnerability arises during the process of uploading chat history, where an attacker can manipulate file paths to read arbitrary files on the server. The information available does not state whether this issue has been patched.
Available publicly on Apr 27 2024
Threat Overview
The vulnerability stems from the application's handling of file uploads for chat history. When a new chat history file is uploaded, the application copies the file to a publicly accessible history directory without properly validating the file path. This lack of validation allows an attacker to specify arbitrary file paths, leading to the inclusion of local files that should not be accessible. This can result in unauthorized access to sensitive information stored on the server.
Attack Scenario
An attacker intercepts the WebSocket request made during the chat history upload process using a tool like Burp Suite. They modify the 'name' parameter of the request to point to a sensitive file on the server (e.g., '/etc/passwd'). The application then copies this file to the publicly accessible history directory, allowing the attacker to access it by navigating to a specific URL.
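As an added example (not the project's own code), a hardened version of the name handling described in the threat overview and the attack scenario above: the client-supplied 'name' is confined to a bare file name inside the history directory, and the copy source is the uploaded temporary file, never a path built from 'name'. The .json suffix and the single-directory layout are assumptions about the application.

```python
import shutil
from pathlib import Path

# Constructed example, not the project's own code. It assumes history files are
# JSON and live in one directory; both are assumptions about the application.
ALLOWED_SUFFIXES = {".json"}


def safe_history_path(history_dir: str, name: str) -> Path:
    """Map a client-supplied 'name' to a file inside history_dir, or raise ValueError.

    The client picks a bare file name, never a path: directory components are
    rejected (not stripped), and the resolved target must stay under history_dir.
    """
    if not name or name != name.strip():
        raise ValueError("empty or padded name")
    # Reject path separators of either OS, NUL bytes, and the dot names.
    if "/" in name or "\\" in name or "\x00" in name or name in {".", ".."}:
        raise ValueError(f"name must be a bare file name: {name!r}")
    if Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"unexpected history file type: {name!r}")
    base = Path(history_dir).resolve()
    target = (base / name).resolve()
    # Containment check catches whatever the string checks missed (e.g. symlinks).
    if base not in target.parents:
        raise ValueError(f"target escapes history directory: {target}")
    return target


def is_accepted(history_dir: str, name: str) -> bool:
    """True if safe_history_path would accept `name`; handy for tests and logs."""
    try:
        safe_history_path(history_dir, name)
        return True
    except ValueError:
        return False


def copy_uploaded_history(uploaded_tmp: str, name: str, history_dir: str) -> Path:
    """Copy the uploaded temp file (never a path derived from `name`) into history_dir."""
    target = safe_history_path(history_dir, name)
    src = Path(uploaded_tmp)
    if not src.is_file():
        raise ValueError("upload source is not a regular file")
    shutil.copyfile(src, target)
    return target
```

Rejected names should be logged with the request's origin, since a 'name' containing '/' or '..' never comes from a well-behaved client.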
Who is affected
Users of the gaizhenbiao/chuanhuchatgpt application version 20240310 are affected by this vulnerability. Specifically, the security of the server where the application is hosted is compromised, as attackers can read arbitrary files, potentially leading to the exposure of sensitive information.