Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] [Security] Form Upload Dokumen #1990

mugi789 opened this issue Mar 26, 2019 · 1 comment


Copy link

@mugi789 mugi789 commented Mar 26, 2019

Bagaimana alurnya sampai muncul masalah?

  1. Login
  2. Lalu ke halaman artikel
  3. Klik "Tambah Berita Baru"
  4. Pada form dokumen lampiran lalu pilih file .pdf yg akan diupload
  5. Kemudian lakukan tamper data
  6. Ubah extensinya yg awalnya .pdf ganti dengan .html
  7. Dan ini contoh file yg telah saya upload

Seperti apa yang diharapkan?

Hanya dpt mengunggah file dokumen

Apa yang terjadi?

Dpt mengunggah file selain file dokumen

Informasi tambahan

Selain html, file lain pun bisa masuk, kecuali ext .php


Extension .php5 lolos, bisa masuk

Tanya Jawab
Versi OpenSID 19.03-pasca
Versi PHP
System operasi
@mugi789 mugi789 changed the title [BUG] [Security] Pada Form Upload Dokumen [BUG] [Security] Form Upload Dokumen Mar 26, 2019
@eddieridwan eddieridwan added this to SUDAH DI MASTER in Rilis yang sedang dikerjakan Mar 30, 2019
eddieridwan added a commit that referenced this issue Mar 30, 2019
…arus berekstensi .pdf, .ppt, .pptx, .pps, .ppsx, .doc, .docx, .rtf, .xls atau .xlsx [security-fix]

This comment has been minimized.

Copy link

@eddieridwan eddieridwan commented Mar 30, 2019

Sudah dicommit ke master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
You can’t perform that action at this time.