Security Vulnerability #5245

Closed
Sudneo opened this issue Dec 15, 2018 · 7 comments

@Sudneo Sudneo commented Dec 15, 2018

I found a security issue in the SickChill codebase, I have also written a POC exploit and tested on the latest version. I would rather not make it public, could you DM me?

Thanks

@miigotu miigotu commented Dec 15, 2018

There is no way to DM on GitHub. If this is not related to an unsecured install you may email me miigotu@gmail.com
Aka if it is an exploit when there is a username and password set and you do not know it.

@WebSpider WebSpider commented Dec 22, 2018

Did you ever receive the details?

@Sudneo Sudneo commented Dec 22, 2018

Hey, you were not asking me but yes, I discussed with him the details and he is working on a fix.

@WebSpider WebSpider commented Dec 22, 2018

Great, just making sure you guys exchanged what needed to be exchanged.

@miigotu miigotu commented Dec 23, 2018

Basically it is only an issue when an install is web facing and accessible without a login set. Proper fix is a new popup forcing users to set a username/password on their install if some check is done that shows it is accessible from the internet without a password. I think that if there is no login set, we should determine the public IP/address and try a get_url to it, and then check for a value on the page. If the get_url finds the value we know the user does not have a proxy or other method that is securing the service on the web, and we should block access from the public IP and pop up a modal when accessed from a machine on the local network that explains the problem and forces them to set a password.
This fixes a slew of issues when an inexperienced user who almost certainly is not a web administrator leaves themselves at risk.

The other fix for the exact issue @Sudneo reported is related to external post processing scripts. I won't go into the details but we need to sanitize the input and force the user to put the script into the SC data (or a new "scripts" folder), and then limit the $PATH so that other system utilities cannot be called with arguments that would escalate accessibility to the machine.

Both of these things need to be done, if you are interested in working on either of them @WebSpider? I've been quite busy with family and holidays, but these have been very high priority for a really long time now lol...
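
An added example, not part of the thread and not SickChill's own code: one way to apply the script restrictions described in the comment above (script confined to a dedicated folder, input validated, `PATH` limited). The names `resolve_script`, `run_script` and `ScriptRejected`, and the folder layout, are assumptions.

```python
import os
import subprocess
import tempfile
from pathlib import Path


class ScriptRejected(ValueError):
    """The configured script violates the policy (hypothetical name)."""


def resolve_script(configured: str, scripts_dir: Path) -> Path:
    """Return the real path of an allowed script or raise ScriptRejected."""
    # Accept a bare file name only: no directories, no embedded arguments.
    if (not configured or configured != os.path.basename(configured)
            or any(ch.isspace() for ch in configured)):
        raise ScriptRejected("script must be a bare file name")
    root = scripts_dir.resolve(strict=True)
    candidate = (root / configured).resolve()  # follows symlinks
    if candidate.parent != root:
        raise ScriptRejected("script resolves outside the scripts folder")
    if not candidate.is_file() or not os.access(candidate, os.X_OK):
        raise ScriptRejected("script is missing or not executable")
    return candidate


def run_script(script: Path, media_path: str, scripts_dir: Path):
    """Run without a shell, with PATH limited to the scripts folder."""
    env = {"PATH": str(scripts_dir.resolve())}  # system utilities not found by name
    return subprocess.run([str(script), media_path], env=env, shell=False,
                          capture_output=True, text=True, timeout=60)


if __name__ == "__main__":
    # Constructed sample: a throwaway scripts folder with one script in it.
    folder = Path(tempfile.mkdtemp())
    hook = folder / "notify.sh"
    hook.write_text('#!/bin/sh\necho "got: $1"\nls >/dev/null 2>&1 || echo "ls blocked"\n')
    hook.chmod(0o755)
    result = run_script(resolve_script("notify.sh", folder), "/tv/ep.mkv; id", folder)
    print(result.stdout, end="")
    for bad in ("../notify.sh", "/bin/sh", "notify.sh --flag"):
        try:
            resolve_script(bad, folder)
        except ScriptRejected as exc:
            print(f"rejected {bad!r}: {exc}")
```

Limiting `PATH` only stops lookups by name; a script can still call a binary by absolute path, so who may write to the scripts folder matters as much as the check itself.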

@stale stale bot commented Feb 21, 2019

This issue has been automatically marked as stale because it has not had activity in 60 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Stale label Feb 21, 2019

@stale stale bot commented Feb 28, 2019

This issue has been closed due to inactivity in the last 67 days.

@stale stale bot closed this Feb 28, 2019