phpdevshell team mailing list archive
Message #00636
[Bug 887044] Re: gzip injection utter and easy serious security flaw
** Changed in: phpdevshell
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of
PHPDevShell, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/887044
Title:
gzip injection utter and easy serious security flaw
Status in Open Source PHP RAD Framework with UI.:
Fix Released
Bug description:
I just downloaded PHPDS (I did not know of the existence of this
framework; I discovered it on a demo of the resellerspanel control panel).
I opened the two root files, index.php and gzip.php, to check the code.
In gzip.php I found a serious security problem. File locations are not
filtered, and I can download any file from demo.phpdevshell.org...
even config files... Depending on how the server/hosting account is
set up, I imagine I could download any OS file...
Example:
http://demo.phpdevshell.org/gzip.php?file=config/single-site.config.php
http://demo.phpdevshell.org/gzip.php?file=other/service.php
If I examined how the framework works, I could probably get files from
the write folder (logs, cache, etc.).
Please look into it - thank you.
Antonis A.
To manage notifications about this bug go to:
https://bugs.launchpad.net/phpdevshell/+bug/887044/+subscriptions
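As an added example (not PHPDevShell's own code; the real gzip.php is not reproduced on this page), the PHP below reconstructs the pattern the report describes, a request parameter used directly as a filesystem path, beside one hardened resolver that canonicalises the path, requires it to stay inside a fixed asset root and allows only static asset types. The function names, the asset-root layout and the sample files are assumptions made for the demo.

```php
<?php
// Added example for bug 887044. This is NOT PHPDevShell's gzip.php (not shown
// on the page). read_unfiltered() is a hypothetical reconstruction of the
// pattern the reporter describes; resolve_static_path() is one hardened form.
declare(strict_types=1);

/**
 * Vulnerable pattern (hypothetical): whatever ?file= names is read and
 * returned, so config/single-site.config.php or ../../etc/passwd is served
 * to anyone who asks. Kept deliberately unfiltered for the comparison below.
 */
function read_unfiltered(string $webRoot, string $file): ?string
{
    $path = $webRoot . '/' . $file;
    return is_file($path) ? file_get_contents($path) : null;
}

/**
 * Hardened resolver: returns the canonical path of the requested file only if
 * it exists inside $assetRoot (after symlink/.. resolution) and carries an
 * allow-listed extension. Everything else (traversal, absolute paths, .php
 * files, NUL bytes, directories, missing files) yields null.
 */
function resolve_static_path(string $assetRoot, string $file, array $allowedExt): ?string
{
    if ($file === '' || strpos($file, "\0") !== false) {
        return null;                              // NUL-byte truncation tricks
    }
    $root = realpath($assetRoot);
    $real = realpath($assetRoot . DIRECTORY_SEPARATOR . $file);
    if ($root === false || $real === false || !is_file($real)) {
        return null;                              // nonexistent, or a directory
    }
    // Containment check on the canonical path. The trailing separator stops
    // "/srv/assets_private" from passing as a child of "/srv/assets".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return isset($allowedExt[$ext]) ? $real : null;
}

/** Emit an already-validated file, gzip-compressed when the client accepts it. */
function send_static_gz(string $real, string $contentType, string $acceptEncoding): string
{
    $body = (string) file_get_contents($real);
    header('Content-Type: ' . $contentType);
    header('Vary: Accept-Encoding');
    if (preg_match('/\bgzip\b/i', $acceptEncoding)) {
        header('Content-Encoding: gzip');
        return (string) gzencode($body, 6);
    }
    return $body;
}

// --- Demo on constructed files in a temp directory (run with: php example.php)
$allowed = ['js' => 'application/javascript', 'css' => 'text/css'];
$base = sys_get_temp_dir() . '/gzdemo_' . getmypid();
mkdir("$base/scripts", 0700, true);
mkdir("$base/config", 0700, true);
file_put_contents("$base/scripts/app.js", "console.log('hello');\n");
file_put_contents("$base/scripts/setup.php", "<?php // must never be served\n");
file_put_contents("$base/config/single-site.config.php", "<?php \$db_pass = 'secret';\n");

$requests = [
    'app.js',                            // legitimate asset
    'setup.php',                         // inside the root, but wrong type
    '../config/single-site.config.php',  // traversal out of the asset root
];
foreach ($requests as $req) {
    $vuln = read_unfiltered("$base/scripts", $req) === null ? 'refused' : 'SERVED';
    $hard = resolve_static_path("$base/scripts", $req, $allowed) === null ? 'refused' : 'served';
    printf("%-36s unfiltered: %-8s hardened: %s\n", $req, $vuln, $hard);
}

// The one request that passes is then compressed for a gzip-capable client.
$ok = resolve_static_path("$base/scripts", 'app.js', $allowed);
printf("gzip body for app.js: %d bytes\n", strlen(send_static_gz($ok, $allowed['js'], 'gzip, deflate')));

// Cleanup of the constructed files
foreach (["$base/scripts/app.js", "$base/scripts/setup.php", "$base/config/single-site.config.php"] as $f) {
    unlink($f);
}
rmdir("$base/scripts"); rmdir("$base/config"); rmdir($base);
```

The containment check has to run on the realpath() result, not on the raw string: stripping "../" from the input leaves symlinks, URL-decoded variants and case tricks on case-insensitive filesystems untouched, whereas comparing canonical paths against the canonical root catches all of them at once. The extension allow-list is a second, independent gate so that even a file that legitimately sits under the asset root (a stray .php, a .config file) cannot be read out as text.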