CVE-2024-33383
📋 TL;DR
This vulnerability allows remote attackers to read arbitrary files on novel-plus servers by manipulating the filePath parameter in GET requests. It affects novel-plus versions 4.3.0 and earlier, potentially exposing sensitive configuration files, credentials, or other server data.
💻 Affected Systems
- novel-plus
📦 What is this software?
Novel Plus by Xxyopen
⚠️ Risk & Real-World Impact
Worst Case
Disclosure of files readable by the novel-plus process, such as application configuration containing database credentials, application secrets or SSH keys, which an attacker can then use to take over the server or its backend database. The file read itself is not code execution; the compromise comes from what the leaked files unlock.
Likely Case
Exfiltration of sensitive configuration data, source code, or user information leading to further attacks or data breaches.
If Mitigated
Limited impact if the novel-plus process runs as a dedicated low-privilege user with no read access to system secrets, and if the deployment keeps credentials outside files the application can reach. Note that correct input validation on filePath removes the vulnerability rather than merely mitigating it.
🎯 Exploit Status
The vulnerability requires no authentication, and exploitation is straightforward: a single crafted HTTP GET request with a traversal sequence in the filePath parameter is enough.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.3.1 or later
Vendor Advisory: https://github.com/201206030/novel-plus (project repository)
Restart Required: Yes
Instructions:
1. Back up your novel-plus installation and database.
2. Download the latest version from the official repository.
3. Replace the existing installation with the patched version.
4. Restart the novel-plus service.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to the affected endpoint that rejects filePath values containing directory traversal sequences or absolute paths. Apply the check after percent-decoding the parameter, otherwise encoded forms such as %2e%2e%2f bypass a naive string match.
Prefer canonicalising the requested path (resolving '..' and symlinks) and then verifying that it is still inside an allow-listed base directory; this one comparison covers every traversal spelling, whereas a blocklist of patterns has to be extended each time a new encoding is found.
Web Application Firewall Rule
Block requests containing directory traversal patterns in the filePath parameter.
Add a WAF rule to detect and block patterns like '../', '..\', or absolute paths in the filePath parameter. Make sure the rule inspects the decoded parameter (or also lists the percent-encoded and double-encoded variants such as %2e%2e%2f and %252e%252e%252f), and treat it as defence in depth only: the WAF reduces exposure but does not remove the flaw.
🧯 If You Can't Patch
- Implement strict network access controls to limit novel-plus exposure to trusted networks only.
- Run novel-plus as a dedicated low-privilege user and apply file system permissions so that the process cannot read sensitive system files or credentials belonging to other services.
🔍 How to Verify
Check if Vulnerable:
Only on systems you are authorised to test: send a GET request with a filePath parameter containing directory traversal sequences (e.g. filePath=../../../etc/passwd) to the affected endpoint. A vulnerable server returns the file contents. Repeat with a percent-encoded form (e.g. filePath=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd) to confirm that any filtering in front of the application is not simply matching the literal '../' string.
Check Version:
Check the novel-plus version in the application's admin panel or configuration files.
Verify Fix Applied:
After patching, repeat the same requests (plain and encoded) and verify that the server returns an error or an empty response instead of file contents.
📡 Detection & Monitoring
Log Indicators:
- HTTP GET requests with filePath parameter containing directory traversal patterns
- Unusual file access by the novel-plus process, such as reads of /etc/passwd or of files outside its installation and upload directories (visible with auditd or equivalent file-access auditing)
Network Indicators:
- HTTP requests with suspicious filePath values
- Multiple failed attempts to access sensitive file paths
SIEM Query (illustrative search syntax; match the literal and percent-encoded forms, or decode the parameter before matching, since a plain '../' wildcard misses encoded probes):
source="novel-plus" AND (filePath="*../*" OR filePath="*..\\*" OR filePath="*%2e%2e*" OR filePath="*..%2f*" OR filePath="*..%5c*")
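As an added example that is not part of the original page or the novel-plus project, the detection logic above applied to access-log lines: the filePath parameter is percent-decoded (twice, to cover double encoding) before the traversal test, then hits are tallied per source IP and split out by whether the server answered 200, which is the "multiple failed attempts" and "file was probably served" signal a responder wants. The log lines and the /novel/download route are constructed for illustration; the real endpoint path is not given on this page.

```python
# Added example, not from the page or the novel-plus project: decode-then-match
# traversal detection over constructed access-log lines. The /novel/download
# route is hypothetical.
import re
import urllib.parse
from collections import Counter
from typing import Dict, List

# Constructed sample log (Common Log Format). Lines 2-5 are traversal probes in
# plain, percent-encoded, backslash-encoded and double-encoded form.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2024:10:01:02 +0000] "GET /novel/download?filePath=covers/1.jpg HTTP/1.1" 200 5120
203.0.113.9 - - [12/May/2024:10:01:05 +0000] "GET /novel/download?filePath=../../../etc/passwd HTTP/1.1" 200 2310
203.0.113.9 - - [12/May/2024:10:01:06 +0000] "GET /novel/download?filePath=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 0
203.0.113.9 - - [12/May/2024:10:01:07 +0000] "GET /novel/download?filePath=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 0
198.51.100.4 - - [12/May/2024:10:02:00 +0000] "GET /novel/download?filePath=%252e%252e%252fetc%252fhostname HTTP/1.1" 200 12
"""

_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# '..' as a whole path component, with either separator, anywhere in the value.
_DOTDOT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def is_traversal(value: str) -> bool:
    """True if a (once-decoded) filePath value escapes a relative base directory."""
    v = urllib.parse.unquote(value)          # second decode: double-encoded probes
    if "\x00" in v:
        return True
    if v.startswith("/") or v.startswith("\\") or re.match(r"^[A-Za-z]:", v):
        return True                          # absolute path
    return _DOTDOT.search(v) is not None


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per request whose filePath parameter is a traversal."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        query = urllib.parse.urlsplit(m["target"]).query
        # parse_qs already percent-decodes once.
        for value in urllib.parse.parse_qs(query).get("filePath", []):
            if is_traversal(value):
                findings.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                                 "filePath": urllib.parse.unquote(value)})
    return findings


def served(findings: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Findings answered with 200: treat these as probable successful reads."""
    return [f for f in findings if f["status"] == "200"]


def attempts_by_ip(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count of traversal attempts per source IP, for the 'repeated probes' signal."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(h["ts"], h["ip"], h["status"], repr(h["filePath"]))
    print("served:", len(served(hits)), "by ip:", attempts_by_ip(hits))
```

Of the four probes, only the first would be caught by a search for the literal '../'; the other three are visible only after decoding, and two of the four were answered with 200, which is the subset to triage first.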