Path Traversal in yogeshojha/rengine

Valid

Reported on

Aug 31st 2021

✍️ Description

Local File Inclusion through Path Traversal

🕵️‍♂️ Proof of Concept

While logged in into a Rengine instance, go to /api/getFileContents/?nuclei_template&name=../../../../../../../../etc/passwd. The contents of /etc/passwd are included into the response.

💥 Impact

This vulnerability is capable of reading /proc/self/environ, exposing environment variables, including the Postgres password.

Occurences

views.py L54

We have contacted a member of the yogeshojha/rengine team and are waiting to hear back 3 months ago

Yogesh Ojha validated this vulnerability 3 months ago

Koen Molenaar has been awarded the disclosure bounty

The fix bounty is now up for grabs

Yogesh Ojha

commented 3 months ago

Maintainer

This is amazing! Good job.

Patch is on the way!

Yogesh Ojha confirmed that a fix has been merged on 171fab 3 months ago

Yogesh Ojha has been awarded the fix bounty

Yogesh Ojha

commented 3 months ago

Maintainer

Good Job on finding this. Congratulations on your bounty!

We have contacted a member of the yogeshojha/rengine team and are waiting to hear back 3 months ago

Yogesh Ojha validated this vulnerability 3 months ago

Koen Molenaar has been awarded the disclosure bounty

The fix bounty is now up for grabs

Yogesh Ojha

commented 3 months ago

Maintainer

This is amazing! Good job.

Patch is on the way!

Yogesh Ojha confirmed that a fix has been merged on 171fab 3 months ago

Yogesh Ojha has been awarded the fix bounty

Yogesh Ojha

commented 3 months ago

Maintainer

Good Job on finding this. Congratulations on your bounty!