This repository was archived by the owner on Jan 6, 2018. It is now read-only.

Security Vulnerability  #33

@gyehuda

A security researcher discovered that an authenticated user (including a newly registered guest) could import a Zip file containing framework data. Although the extracted Zip file data is not stored in the web server document root, symbolic links created during the web app installation for "test_data" allow for PHP execution.

Steps to Reproduce
Important: Make sure to use a test account when reproducing these steps!

  1. Export the DaytonaSampleFramework to a zip file under the user dropdown box -> Import/Export page.
  2. Add a PHP file to the Zip archive as test.php in the DaytonaSampleFramework directory.
  3. Import the Zip archive under the Import/Export page.
  4. Browse to http://127.0.0.1/test_data/DaytonaSampleFramework/test.php and notice the uploaded PHP file is interpreted.
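One way to screen an imported archive before anything is extracted, as an added example that is not part of the original issue or the project's code. The function names and the extension allowlist are assumptions, and the sample archive is constructed; the check also covers path traversal and symlink entries, which goes beyond the single `test.php` case reported above.

```python
import io
import stat
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions a legitimate framework export contains.
ALLOWED_EXTENSIONS = {".json", ".txt", ".csv", ".log"}


def audit_import_archive(data: bytes, allowed=ALLOWED_EXTENSIONS):
    """Return [(entry_name, reason)] for every entry that should block the import."""
    rejected = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename.replace("\\", "/"))
            mode = info.external_attr >> 16  # Unix mode bits, if the archiver set them
            if path.is_absolute() or ".." in path.parts:
                rejected.append((info.filename, "path escapes extraction directory"))
            elif stat.S_ISLNK(mode):
                rejected.append((info.filename, "symbolic link entry"))
            elif info.is_dir():
                continue
            elif path.suffix.lower() not in allowed:
                rejected.append((info.filename, "extension not on allowlist"))
    return rejected


def build_sample_archive() -> bytes:
    """Constructed sample: one data file, the test.php from the report, and two edge cases."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DaytonaSampleFramework/framework.json", "{}")
        zf.writestr("DaytonaSampleFramework/test.php", "<?php echo 'x'; ?>")
        zf.writestr("../outside.json", "{}")
        link = zipfile.ZipInfo("DaytonaSampleFramework/link.json")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark entry as a symlink
        zf.writestr(link, "/etc/hostname")
    return buf.getvalue()


if __name__ == "__main__":
    # Any finding means the whole import is refused, not just the one entry.
    for name, reason in audit_import_archive(build_sample_archive()):
        print(f"REJECT {name}: {reason}")
```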
