Fix file inclusion vulnerability #510
Conversation
|
feels it should go like ;) : @AlekseyKorzun 👍 |
|
Haha @alex-kovac |
|
👍 |
|
Yes wrong person. Sorry @alex-kovac.... @AlekseyKorzun ... I wonder how long these people won't respond. This bug is in hundreds of sites. |
|
@ejcx shoot them an email I think they are working on the next version 👯 |
|
This issue affects the QUnit Test Suite bundled with simplecart-js, rather than simplecart-js itself, which may explain - but not excuse - the disinterest shown by the developers. Concerned users can fix this issue by ensuring the Semantically, it's worth noting that this issue relates to file disclosure rather than file inclusion, as it does not lead directly to execution of local files. Unfortunately, the test suite is also vulnerable to Server-Side Request Forgery (SSRF), which this patch PR does not protect against. A more secure patch would be: $urlParts = parse_url($url);
if ($urlParts['scheme'] !== "http" && $urlParts['scheme'] !== "https") exit;This would limit the impact of SSRF attacks which make use of protocol schemes such as Ideally, the test suite should ensure that the requested file is located on the same host on which it's executed, by verifying Alternatively, the README should make mention of the dangers associated with leaving the test suite in the web root directory. Here's some more references regarding the dangers of SSRF. |
|
Come on @bcoles . It's all semantics. I just want to see the bug fixed. |
This file curl allows you to view any file on the system. For example, cloning this repository to the base PHP directory makes a vulnerable page look like this
http://example.com/simplecart-js/test/inc/get-raw-javascript.php?file=file:/etc/passwd