CVE-2007-4559 PoC — Python tarfile 模块路径遍历漏洞

Source

https://github.com/JamesDarf/wargame-tarpioka

Associated Vulnerability

Title:Python tarfile 模块路径遍历漏洞 (CVE-2007-4559)
Description:Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python tarfile模块中的(1)extract和(2)extractall函数存在路径遍历漏洞，该漏洞允许用户辅助远程攻击者通过..TAR存档文件中文件名中的(dot dot)序列，该漏洞与CVE-2001-1267相关。

Description

YISF 2024 CTF-Web (Directory Traversal via ".tar" file, CVE-2007-4559), easy

Readme

# BubbleTea
CVE-2007-4559
“.tar”를 이용한 디렉토리 탐색 취약점으로 ../../flag

## path
--------------------
```
BubbleTea/
├── Dockerfile
├── flag
├── requirements.txt
└── src
    ├── files
    ├── template
    │   └── index.html
    └── app.py
```

### Current Building Instructions
- check docker
docker ps
docker images

docker build -t tarpioka
docker run -d -it --name tarpioka -p 13680:8000 tarpioka

docker ps

- stop and remove docker 
docker stop tarpioka
docker rm tarpioka
docker rmi tarpioka


### Run attack script



## patch
- 07/14
1. path Traversal
file name 인자에 '..', '/'가 포함된 문자열 벤

2. 세션별로 업로드 폴더 제작

3. 로그 남기기 추가

File Snapshot


 [4.0K]  /data/pocs/a3de1abe7ac1fd74a71159a1ea720e60a2298526
├── [   0]  app.log
├── [ 739]  Dockerfile
├── [  56]  flag
├── [5.0K]  login.py
├── [ 762]  README.md
├── [  20]  requirements.txt
├── [4.0K]  src
│   ├── [4.0K]  app.py
│   ├── [4.0K]  static
│   │   ├── [4.0K]  img
│   │   │   └── [921K]  bubble_tea.jpg
│   │   └── [   0]  style.css
│   └── [4.0K]  templates
│       └── [3.4K]  index.html
└── [4.0K]  test
    ├── [  10]  get_flag -> ../../flag
    ├── [1.5K]  pay.tar
    └── [ 457]  poc.py

5 directories, 13 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!