imlonghao imlonghao

## public-reference.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                imlonghao
                / public-reference.md
            
            
              Last active
              October 1, 2025 14:46
            
              
                CVE-2025-55865
              
          
    Vulnerability Description

Auto_Bangumi is a RSS-based tool for automatically tracing and downloading anime. For version between 3.1.6-fix and 3.1.18, the posters method in /backend/src/main.py contains a directory traversal vulnerability, which allows attackers to read arbitrary files from the system.
Link to vulnerable code:
https://github.com/EstrellaXD/Auto_Bangumi/blob/81b3a4aacd41e93032d809b27a69ebdd431a4ed0/backend/src/main.py#L41-L43
Vulnerability Severity

CVSS v4.0 Score: 8.7 / High

  
## intermediate_ca.crt
-----BEGIN CERTIFICATE-----
MIIBzjCCAXOgAwIBAgIRALRm9ekZjPJ9nPMUmSGTh4AwCgYIKoZIzj0EAwIwMDES
MBAGA1UEChMJaW1sb25naGFvMRowGAYDVQQDExFpbWxvbmdoYW8gUm9vdCBDQTAe
Fw0yMjAxMTAxMjQ2MzNaFw0zMjAxMDgxMjQ2MzNaMDgxEjAQBgNVBAoTCWltbG9u
Z2hhbzEiMCAGA1UEAxMZaW1sb25naGFvIEludGVybWVkaWF0ZSBDQTBZMBMGByqG
SM49AgEGCCqGSM49AwEHA0IABO5G2CWEODVl6DJKYy36co6J6K12Y+OftCXUihhG
pvKbKNM5/vImNTwDzAyCKrKcM8Da+1WTIJnIZM9qlLG8ZdajZjBkMA4GA1UdDwEB
/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSogpZKpXI5Y/hq
gHbM97xX0Kz1qDAfBgNVHSMEGDAWgBRph7IpR8ExGEi0Jz6dkNcnmhaiKjAKBggq
hkjOPQQDAgNJADBGAiEAwdZAx5QmAGR2Sj2yihFyKE+m1M6Kj/tY+syOJNPxqXgC

## gist:95ce3991118933818b087220918db9b6
#!/usr/bin/env python

import json
from elasticsearch import Elasticsearch
from elasticsearch.helpers import bulk

def g():
    with open('a.log') as f:
        for i in f:
            data = json.loads(i)

## alpine.sh
#!/bin/sh

set -ex

PATH=/bin:/sbin:/usr/bin:/usr/sbin
KEYMAP="us us"
HOST=hostname-changeme
USER=rancher
ROOT_FS=ext4
BOOT_FS=ext4

## install.sh
#!/bin/sh

echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install wireguard-dkms wireguard-tools -y
apt dist-upgrade -y

cat > /etc/rc.local << EOF
#!/bin/sh

## as-set.py
#!/usr/bin/env python3
#
# Copyright (c) 2017 imlonghao <shield@fastmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#

## gist:ff33310183bcca9e7c8ad541b8cc9176
#!/bin/bash

# ----------------
AS=
SUBNET=
ROUTER_ID=
GATEWAY_IP=
SUBNET_v6=
GATEWAY_IP_v6=
SNMP_IP=
	-----BEGIN CERTIFICATE-----
	MIIBzjCCAXOgAwIBAgIRALRm9ekZjPJ9nPMUmSGTh4AwCgYIKoZIzj0EAwIwMDES
	MBAGA1UEChMJaW1sb25naGFvMRowGAYDVQQDExFpbWxvbmdoYW8gUm9vdCBDQTAe
	Fw0yMjAxMTAxMjQ2MzNaFw0zMjAxMDgxMjQ2MzNaMDgxEjAQBgNVBAoTCWltbG9u
	Z2hhbzEiMCAGA1UEAxMZaW1sb25naGFvIEludGVybWVkaWF0ZSBDQTBZMBMGByqG
	SM49AgEGCCqGSM49AwEHA0IABO5G2CWEODVl6DJKYy36co6J6K12Y+OftCXUihhG
	pvKbKNM5/vImNTwDzAyCKrKcM8Da+1WTIJnIZM9qlLG8ZdajZjBkMA4GA1UdDwEB
	/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSogpZKpXI5Y/hq
	gHbM97xX0Kz1qDAfBgNVHSMEGDAWgBRph7IpR8ExGEi0Jz6dkNcnmhaiKjAKBggq
	hkjOPQQDAgNJADBGAiEAwdZAx5QmAGR2Sj2yihFyKE+m1M6Kj/tY+syOJNPxqXgC
	#!/usr/bin/env python

	import json
	from elasticsearch import Elasticsearch
	from elasticsearch.helpers import bulk

	def g():
	with open('a.log') as f:
	for i in f:
	data = json.loads(i)
	#!/bin/sh

	set -ex

	PATH=/bin:/sbin:/usr/bin:/usr/sbin
	KEYMAP="us us"
	HOST=hostname-changeme
	USER=rancher
	ROOT_FS=ext4
	BOOT_FS=ext4
	#!/bin/sh

	echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list
	printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
	apt update
	apt install wireguard-dkms wireguard-tools -y
	apt dist-upgrade -y

	cat > /etc/rc.local << EOF
	#!/bin/sh
	#!/usr/bin/env python3
	#
	# Copyright (c) 2017 imlonghao <shield@fastmail.com>
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	#!/bin/bash

	# ----------------
	AS=
	SUBNET=
	ROUTER_ID=
	GATEWAY_IP=
	SUBNET_v6=
	GATEWAY_IP_v6=
	SNMP_IP=