anyquery, Path Traversal in clear_plugin_cache, VULN-002 (High) -DC-Jun2026-383


Intro – How VULN-002 Works

The vulnerability exists in the SQL scalar function `clear_plugin_cache(plugin)` in `namespace/other_functions.go` of julien040/anyquery version 0.4.4. The function takes a user-supplied `plugin` string and passes it straight to `pathlib.Join(xdg.CacheHome, "anyquery", "plugins", plugin)`. The resulting path is handed to `os.RemoveAll` with no validation other than an empty-string check on `plugin`. Because `pathlib.Join` (like `path.Join`) silently resolves `..` segments, an attacker can supply `../` sequences to break out of the intended cache directory.

The server listens on `/v1/query` (or `/execute-query` in the PoC) and accepts JSON requests containing SQL queries. A low-privileged bearer-token holder can submit `SELECT clear_plugin_cache('../../../../tmp/target')`. The join produces a path that walks up four levels from `$XDG_CACHE_HOME/anyquery/plugins/`, landing at `/tmp/target`, which `os.RemoveAll` then deletes recursively. Nothing checks that the final path still resides under the cache root, so any directory the server process has write permission on can be deleted.

The attack is authenticated (a token is required), but the token is often shared or weakly protected, making this a realistic vector. The root cause is missing sanitization of path traversal sequences before filesystem operations (CWE-22).

DailyCVE Form:

Platform: anyquery
Version: 0.4.4
Vulnerability: Path traversal
Severity: High
Date: 2025-04-01

Prediction: 2025-04-15

What Undercode Say:

# Build and run vulnerable container
docker build -f Dockerfile -t anyquery-vuln002 .
docker run --rm --name anyquery-vuln002 -p 127.0.0.1:8070:8070 anyquery-vuln002
# Create sentinel directory inside container
docker exec anyquery-vuln002 mkdir -p /tmp/poc_sentinel
# Send traversal payload via curl
curl -X POST http://127.0.0.1:8070/execute-query \
-H "Content-Type: application/json" \
-d '{"query": "SELECT clear_plugin_cache('\''../../../../tmp/poc_sentinel'\'')"}'
# Verify deletion
docker exec anyquery-vuln002 test -d /tmp/poc_sentinel && echo "Still exists" || echo "Deleted"

Exploit:

Python script `poc.py` sending `SELECT clear_plugin_cache('../../../../tmp/target')` to `/execute-query`. The `..` segments escape `$XDG_CACHE_HOME/anyquery/plugins/` and delete `/tmp/target`. No special privileges needed beyond a valid API token.

Protection:

  • Validate `plugin` against `..`, `/`, `\`, and a leading `.` before `pathlib.Join`
  • After joining, compute the relative path from the cache root and reject it if it contains `..`
  • Use `filepath.Rel` and check the prefix: `rel, err := filepath.Rel(cacheRoot, pathToRemove); if err != nil || strings.HasPrefix(rel, "..") { return error }`
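The protection above, carried through as a hardened path builder. This is an added example, not anyquery's own code: `safePluginCachePath`, the cache root `/home/svc/.cache` and the sample plugin names are assumed for illustration. It rejects separators up front and then confirms with `filepath.Rel` that the cleaned path is still below the plugins root, comparing against `..` and `../` rather than a bare `..` prefix so that a legitimate name such as `..hidden` is not refused.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrBadPluginName is returned for any name that is not a single, safe path element.
var ErrBadPluginName = errors.New("clear_plugin_cache: invalid plugin name")

// safePluginCachePath (hypothetical helper) returns the only directory that
// clear_plugin_cache may pass to os.RemoveAll for the given plugin name, or an
// error if the name is empty, contains a separator, or would resolve outside
// <cacheRoot>/anyquery/plugins.
func safePluginCachePath(cacheRoot, plugin string) (string, error) {
	// A plugin name must be one path element: no "/", no "\", not "." or "..".
	if plugin == "" || plugin == "." || plugin == ".." || strings.ContainsAny(plugin, `/\`) {
		return "", ErrBadPluginName
	}
	root := filepath.Join(cacheRoot, "anyquery", "plugins")
	target := filepath.Join(root, plugin) // Join cleans ".." segments, so verify afterwards
	// Defence in depth: the cleaned target must still sit below root. Compare
	// against ".." and "../" rather than a bare ".." prefix, so a legitimate
	// name such as "..hidden" is not rejected.
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadPluginName
	}
	return target, nil
}

func main() {
	// Constructed sample inputs: the page's traversal payload next to benign names.
	for _, name := range []string{"github", "..hidden", "../../../../tmp/target", "/etc", ""} {
		p, err := safePluginCachePath("/home/svc/.cache", name)
		fmt.Printf("%-26q -> %q err=%v\n", name, p, err)
	}
}
```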

Impact:

Permanent deletion of any directory writable by the server process – configuration directories, home folders, or critical system paths leading to irreversible data loss and denial of service. No confidentiality impact (delete only).


Sources:

Reported By: github.com
Extra Source Hub:
Undercode
