Path Traversal vulnerability in import-orphans.php #994
Comments
Nice find!

Thank you very much,

I am not a programmer, just a user. Is this the same as this issue: "Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder." If so, would you mind giving step-by-step instructions on how to solve this? We have a small non-profit and with this program our clients can upload their files to us. We need them to be secure. Thank you in advance.

I'll implement the fix ASAP and try to get the new release out this week, which is focused on security fixes.

Thank you, that is very much needed and appreciated.

Thank you. |
Can you already say when we can expect this security-focused release? |

@kkplein I'm working on adding recaptcha to the login form. That should be up today or tomorrow, and a release will follow a few days later after testing. Would you like to test it out before releasing?

Sure!

@kkplein I wasn't able to fully implement recaptcha for the login form yet, but the rest should all be ok. I'd really appreciate it if you can test this version out. Thank you!!

@ignacionelson I just downloaded, copied to the ps root folder, unzipped -o, logged on to the system, and everything worked perfectly. The system logged the upgrade in the activity log (masteruser updated ProjectSend to version 1330).

@kkplein Thanks!!

Good. Curious about others testing this. Are all known security issues solved in this release?

@ignacionelson I'm just wondering if that fix for the directory traversal was ever implemented. I'm running r1335 and the proposed change above doesn't appear to be in place; I'm not a php dev though so I'm not 100% sure that it hasn't been fixed.

50fc348

Okay that's wonderful, thank you for the update. Could this issue be closed then?
Dear @ignacionelson,
I found a Path traversal vulnerability in import-orphans.php
Description
Because of lacking input sanitization for the `files[]` parameter, the attacker can add `../` to move all PHP files, or any file on the system that has permissions to the `/upload/files/` folder.
Step To Reproduce
`../../[file name want to move]` in the `files[]` parameter. In this step the attacker can move PHP files with the aim of sabotaging the system, or read sensitive files in the system like passwd, access log, ...
`webroot/import-orphans.php` to get a new name of the file
`webroot/upload/files/[new name of file]`
Request move of the `index.php` file. Then

webroot returned a Directory Listing because of moving the `index.php` file to the `/upload/files` folder.
Solution:
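The following is an added example, not the reporter's proposed solution and not ProjectSend's own code (it is independent of the commit referenced in the thread). It puts the unsafe pattern the report describes, a value from `files[]` joined straight onto the upload directory, next to a hardened resolver that accepts only a single path component that exists as a regular file directly inside the upload folder, and runs both over names an attacker would send. The directory layout, the function names `unsafe_orphan_path` and `resolve_orphan_path`, and the sample names are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not ProjectSend code. Directory layout, function names and
// the sample file names below are assumptions constructed for the demo.

// Unsafe pattern described in the report: the value from files[] is joined
// onto the upload directory as-is, so "../../index.php" leaves the folder.
function unsafe_orphan_path(string $uploadDir, string $name): string
{
    return $uploadDir . '/' . $name;
}

// Hardened resolver: returns the canonical path of an orphan file, or null
// when the supplied name must be rejected.
function resolve_orphan_path(string $uploadDir, string $name): ?string
{
    // 1. Accept only a single path component. NUL, "/" and "\" are rejected
    //    outright (NUL is checked before any other call sees the string);
    //    "." and ".." survive basename(), so they are checked explicitly;
    //    any other name that changes under basename() contained a directory.
    if ($name === ''
        || strpbrk($name, "/\\\0") !== false
        || $name === '.' || $name === '..'
        || $name !== basename($name)) {
        return null;
    }

    // 2. Defence in depth: canonicalise both sides and require the file to
    //    sit directly inside the upload directory. realpath() follows
    //    symlinks, so a link pointing outside the folder is rejected too.
    $base   = realpath($uploadDir);
    $target = realpath($uploadDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        return null;
    }
    if (dirname($target) !== $base || !is_file($target)) {
        return null;
    }
    return $target;
}

// --- Demo on a throwaway directory tree (constructed for this example) ---
$root      = sys_get_temp_dir() . '/orphan-demo-' . bin2hex(random_bytes(4));
$uploadDir = $root . '/upload/files';
mkdir($uploadDir, 0700, true);
file_put_contents($uploadDir . '/report.pdf', 'constructed orphan file');
file_put_contents($root . '/index.php', '<?php // constructed webroot file');
if (function_exists('symlink')) {
    @symlink($root . '/index.php', $uploadDir . '/link-out');
}

// Names an attacker or a legitimate admin might put in files[].
$candidates = [
    'report.pdf',              // genuine orphan, the only one that should pass
    '../../index.php',         // the traversal from the report
    'upload/files/report.pdf', // nested path, still not a bare file name
    "report.pdf\0.txt",        // NUL byte, must not reach filesystem calls
    '..',                      // survives basename(), caught explicitly
    'link-out',                // symlink escaping the folder
    'missing.pdf',             // plausible name that does not exist
];

foreach ($candidates as $name) {
    $shown    = json_encode($name, JSON_UNESCAPED_SLASHES);
    $unsafe   = addcslashes(str_replace($root, '<root>', unsafe_orphan_path($uploadDir, $name)), "\0");
    $resolved = resolve_orphan_path($uploadDir, $name);
    printf("%-28s unsafe -> %s\n", $shown, $unsafe);
    printf("%-28s safe   -> %s\n", '', $resolved === null ? 'REJECTED' : str_replace($root, '<root>', $resolved));
}

// Clean up the demo tree.
foreach (glob($uploadDir . '/*') ?: [] as $f) { unlink($f); }
unlink($root . '/index.php');
rmdir($uploadDir); rmdir($root . '/upload'); rmdir($root);
```

In a request handler the resolver would wrap the loop over the submitted names, e.g. `foreach ((array)($_POST['files'] ?? []) as $name) { $path = resolve_orphan_path($uploadDir, (string)$name); if ($path === null) { continue; } /* rename/import $path */ }`, so only `report.pdf` reaches the move. The first check alone stops the `../` case from the report; the `realpath()` comparison is kept because it also catches symlinks planted in the upload folder, which a name-only filter cannot see.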