This repository has been archived by the owner on Jan 6, 2018. It is now read-only.

Security Vulnerability #33

Open
gyehuda opened this issue Jan 4, 2018 · 1 comment

gyehuda commented Jan 4, 2018

A security researcher discovered that an authenticated user (including a newly registered guest) could import a Zip file containing framework data. Although the extracted Zip file data is not stored in the web server document root, symbolic links created during the web app installation for "test_data" allow for PHP execution.

Steps to Reproduce
Important: Make sure to use a test account when reproducing these steps!

  1. Export the DaytonaSampleFramework to a zip file under the user dropdown box -> Import/Export page.
  2. Add a PHP file to the Zip archive as test.php in the DaytonaSampleFramework directory.
  3. Import the Zip archive under the Import/Export page.
  4. Browse to http://127.0.0.1/test_data/DaytonaSampleFramework/test.php and notice the uploaded PHP file is interpreted.
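A pre-extraction check the import handler could run, as an added example (not code from this repository or part of the original report): it audits every archive entry and rejects the upload if any file has an extension outside an allowlist or one the web server would interpret. The function name, both extension lists and the sample file names are assumptions.

```php
<?php
// Added example, not Daytona code. Both lists are assumptions to adapt.
const ALLOWED_EXTENSIONS = ['json', 'csv', 'txt']; // assumed contents of a framework export
const INTERPRETED_EXTENSIONS = ['php', 'phtml', 'phar', 'php5', 'php7', 'cgi', 'pl'];
/** Return the reasons to reject the archive; an empty array means every entry passed. */
function auditImportArchive(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['archive could not be opened'];
    }
    $problems = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = (string) $zip->getNameIndex($i);
        $path = str_replace('\\', '/', $name);
        $segments = explode('/', $path);
        if ($path === '' || $path[0] === '/' || in_array('..', $segments, true)) {
            $problems[] = "$name: unsafe or unreadable path";
            continue;
        }
        if (substr($path, -1) === '/') {
            continue; // directory entry, no file content
        }
        // Check every dot-separated label after the base name, not only the last one.
        $labels = array_map('strtolower', explode('.', end($segments)));
        array_shift($labels);
        $last = $labels ? $labels[count($labels) - 1] : '';
        if (array_intersect($labels, INTERPRETED_EXTENSIONS)) {
            $problems[] = "$name: contains a server-interpreted extension";
        } elseif (!in_array($last, ALLOWED_EXTENSIONS, true)) {
            $problems[] = "$name: extension not on the allowlist";
        }
    }
    $zip->close();
    return $problems;
}

// Constructed sample archive mirroring the report: an export with test.php added.
$tmp = tempnam(sys_get_temp_dir(), 'imp');
$sample = new ZipArchive();
$sample->open($tmp, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$sample->addFromString('DaytonaSampleFramework/framework.json', '{}');
$sample->addFromString('DaytonaSampleFramework/test.php', 'constructed placeholder');
$sample->addFromString('DaytonaSampleFramework/notes.php.txt', 'constructed placeholder');
$sample->close();
foreach (auditImportArchive($tmp) as $problem) {
    echo "REJECT $problem\n";
}
unlink($tmp);
```

Some web server configurations act on any extension in a multi-extension file name, which is why `notes.php.txt` is rejected along with `test.php`. The check complements configuring the web server not to execute scripts under the symlinked `test_data` directory.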

gyehuda commented Jan 5, 2018

I'm going to archive this repo.
