phpdevshell team mailing list archive

[Bug 887044] [NEW] gzip injection utter and easy serious security flaw


*** This bug is a security vulnerability ***

Private security bug reported:

I just downloaded PHPDS (I did not know the existence of this framework,
discovered it on a demo of resellerspanel control panel).

I opened the two root files index.php and gzip.php to check the code. In
gzip.php I found a serious security problem. File locations are not
filtered, and I can download any file from the demo.phpdevshell.org...
even config files... depending on how the server/hosting account is
set up, I imagine I could download any OS file...

Example:
http://demo.phpdevshell.org/gzip.php?file=config/single-site.config.php
http://demo.phpdevshell.org/gzip.php?file=other/service.php

If I examined how the framework works, I could probably get files from
the write folder (logs, cache etc).

Please look into it - thank you.
Antonis A.

** Affects: phpdevshell
     Importance: Critical
     Assignee: TitanKing (titan-phpdevshell)
         Status: Fix Committed

-- 
You received this bug notification because you are a member of
PHPDevShell, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/887044

Title:
  gzip injection utter and easy serious security flaw

Status in Open Source PHP RAD Framework with UI.:
  Fix Committed

To manage notifications about this bug go to:
https://bugs.launchpad.net/phpdevshell/+bug/887044/+subscriptions
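The report above describes an unfiltered `file` parameter that lets gzip.php read arbitrary files. The following is an added defensive example, not PHPDevShell's own gzip.php (whose code is not on this page); the directory layout, the allowed extensions and the function name are assumptions. It canonicalises the requested path with realpath, keeps it inside one fixed public directory, and serves only static asset types, so a request like `?file=config/single-site.config.php` is refused.

```php
<?php
// Added example, not PHPDevShell code. Serves gzip-compressed static assets
// while refusing paths that escape the public directory or are not assets.
declare(strict_types=1);

// Assumed layout: only files under this directory may ever be served.
const PUBLIC_DIR = __DIR__ . '/public';
// Assumed policy: static asset types only, never .php or config files.
const ALLOWED_EXT = ['css' => 'text/css', 'js' => 'application/javascript'];

/**
 * Returns the canonical absolute path of the file to serve, or null if the
 * request must be refused. Every check runs on the realpath() result, so
 * "../" sequences, symlinks and encoded traversal cannot leave PUBLIC_DIR.
 */
function resolve_asset(string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath(PUBLIC_DIR);
    $real = realpath(PUBLIC_DIR . '/' . $requested);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    // The canonical path must start with base + separator; comparing with
    // the separator stops "/public_old/x" matching the prefix "/public".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_EXT)) {
        return null;
    }
    return $real;
}

$param = $_GET['file'] ?? '';
$path  = resolve_asset(is_string($param) ? $param : '');
if ($path === null) {
    http_response_code(404); // same answer for traversal and for missing files
    exit;
}
$body = file_get_contents($path);
header('Content-Type: ' . ALLOWED_EXT[strtolower(pathinfo($path, PATHINFO_EXTENSION))]);
if (strpos((string) ($_SERVER['HTTP_ACCEPT_ENCODING'] ?? ''), 'gzip') !== false) {
    header('Content-Encoding: gzip');
    $body = gzencode($body);
}
header('Content-Length: ' . strlen($body));
echo $body;
```

Returning 404 for both rejected and absent paths avoids telling a client whether a file outside the public directory exists; log the rejected value server-side instead if you want to detect probing.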
