HackerOne disclosed reports - 2025-10-19 - hashXploiter - 10-20-2025
High - resolved - Arbitrary File Write
Bug reported by newby was disclosed at October 19, 2025, 9:19 pm
Path Traversal

A path traversal vulnerability was discovered in the protodump tool. The vulnerability allowed for arbitrary file writes outside the intended output directory due to insufficient validation of the go_package option extracted from embedded protobuf descriptors. The Filename() function extracted the go_package option without sanitization, enabling an attacker to create a malicious binary with a crafted go_package value containing path traversal sequences. When the user ran protodump on this binary, the tool wrote the extracted proto file to an arbitrary location on the filesystem.
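The containment check this class of bug calls for, as an added example that is not protodump's code or its fix: an output path built from an untrusted go_package value, unvalidated and then confined to the output directory. The function names, the error value and the sample go_package strings are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrEscapesOutDir = errors.New("go_package resolves outside the output directory")

// unsafeOutputPath (hypothetical) reproduces the flaw class from the report:
// the go_package value read from the binary is joined into the path as-is.
func unsafeOutputPath(outDir, goPackage, protoName string) string {
	return filepath.Join(outDir, goPackage, protoName)
}

// safeOutputPath (hypothetical) treats go_package as untrusted input and only
// returns a path that stays lexically inside outDir.
func safeOutputPath(outDir, goPackage, protoName string) (string, error) {
	// go_package may be "import/path;alias"; only the import path names a directory.
	pkg, _, _ := strings.Cut(goPackage, ";")
	absOut, err := filepath.Abs(outDir)
	if err != nil {
		return "", err
	}
	// Base() drops any directory part smuggled into the proto file name.
	full := filepath.Join(absOut, filepath.FromSlash(pkg), filepath.Base(protoName))
	rel, err := filepath.Rel(absOut, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesOutDir
	}
	// Lexical check only: a symlink already inside outDir is not detected here.
	return full, nil
}

func main() {
	// Constructed sample values, not taken from the report.
	for _, pkg := range []string{"github.com/acme/api/v1;apiv1", "../../../etc/cron.d", "a/../../b"} {
		p, err := safeOutputPath("out", pkg, "svc.proto")
		fmt.Printf("go_package=%q\n  unsafe: %s\n  safe:   %s err=%v\n",
			pkg, unsafeOutputPath("out", pkg, "svc.proto"), p, err)
	}
}
```

The check runs on the cleaned, absolute path rather than on the raw string, so a value such as a/../../b is rejected even though it does not begin with a traversal sequence.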