Add module and documentation for Subrion CMS v4.2.1 RCE #18211
I managed to run version 4.1.0 using docker. I used a modified `docker-compose.yml` from the official repository:

Then run `docker-compose up`.

The config embedded in this docker image does not include the `.phar` file type to be parsed through the PHP handler. I needed to update the `/etc/apache2/conf-enabled/docker-php.conf` configuration file in the container and reload Apache:

Then just finish the installation at http://127.0.0.1:8080/ with the following values:

Please, would you mind adding this installation alternative to the documentation?

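As an added illustration (not part of this thread or of the module), the Python audit below lists which file extensions an Apache config hands to the PHP handler, the setting the comment above had to change for `.phar`. The sample configs are constructed, the function names are hypothetical, and Python's `re` stands in for Apache's PCRE matching.

```python
import re

# Constructed sample configs (not copied from the thread or from any image).
DEFAULT_CONF = r"""
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
"""
WIDENED_CONF = r"""
<FilesMatch "\.(php|phar)$">
    SetHandler application/x-httpd-php
</FilesMatch>
AddType application/x-httpd-php .phtml
"""

FILESMATCH = re.compile(
    r'<FilesMatch\s+"?(?P<pat>[^">]+)"?\s*>(?P<body>.*?)</FilesMatch>',
    re.I | re.S)
SET_PHP = re.compile(r"^\s*SetHandler\s+\S*x-httpd-php", re.I | re.M)
ADD_LINE = re.compile(r"^\s*Add(?:Handler|Type)\s+(\S+)\s+(.+)$", re.I | re.M)
# Extensions worth probing; "txt" is a control that should never be handled.
CANDIDATES = ("php", "phar", "phtml", "pht", "php5", "txt")


def php_handled_extensions(conf_text, candidates=CANDIDATES):
    """Return the sorted extensions this config routes to mod_php."""
    handled = set()
    # <FilesMatch> blocks: test each candidate file name against the regex.
    for block in FILESMATCH.finditer(conf_text):
        if not SET_PHP.search(block.group("body")):
            continue
        pattern = re.compile(block.group("pat"))
        handled.update(e for e in candidates if pattern.search("upload." + e))
    # AddHandler/AddType lines: the extensions are listed explicitly.
    for line in ADD_LINE.finditer(conf_text):
        if "x-httpd-php" in line.group(1).lower():
            handled.update(e.lstrip(".").lower() for e in line.group(2).split())
    return sorted(handled)


def unexpected_php_extensions(conf_text, allowed=("php",)):
    """Extensions executed as PHP that are not on the allow-list."""
    return [e for e in php_handled_extensions(conf_text) if e not in allowed]


if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("widened", WIDENED_CONF)):
        print(name, php_handled_extensions(conf), unexpected_php_extensions(conf))
```

It only recognises the `application/x-httpd-php` handler, so PHP-FPM proxy setups need their own pattern.
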
Thanks for the additional testing. I'll try it out myself soon and add the results to the documentation.

Did you get any error? Or maybe anything interesting in the server logs? We can help to debug this and make it work on Windows too.

I downloaded and installed XAMPP 7.4.3 from here, and installed PHP 7.4.3 on Windows 10 and added to PATH. Expanded the Subrion 4.2.1 zip file in `C:\xampp\htdocs\` and set it up easily.

After that I got quite a few warnings and deprecation notices, probably because it was PHP 7.4 and curly brace syntax was deprecated, but it probably wouldn't affect PHP file execution.

My initial hunch was that the PHP extension to execute `.phar` files was not installed on the Windows 10 host but according to https://stackoverflow.com/questions/66868454/install-it-or-recompile-php-without-disable-phar-on-windows, `phar` extensions are enabled by default and I also found `phar` when running `php -m`.

Also disabled the `phar.readonly` and `phar.require_hash` settings in the `php.ini` file. Restarted Apache and retested, but no luck:

I get this error when looking at the source code of the web page:

The Apache `error.log` is ok, but to get the `php_error_log`, you need to create a folder: https://stackoverflow.com/questions/43247952/php-error-log-missing-in-xampp

But there's nothing of note in the Apache `access.log` or `error.log` or `php_error_log.txt`.