Frecuencio / sqlbuddy-php7

SqlBuddy with compatibility with PHP 5.5+ (PHP 7 Included)
MIT License
40 stars, 30 forks

Security Contact #10

Open mal-tee opened 8 months ago

mal-tee commented 8 months ago

Hello maintainer(s),

I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.

We would like to report this vulnerability to you in a responsible and ethical manner. Therefore, we do not want to disclose any details of the vulnerability publicly until you have had a chance to review and fix it.

Could you please let us know your preferred way of receiving security reports?

You can contact us at ias-disclosure@tu-braunschweig.de or by replying to this issue.

Thank you for your attention and cooperation.

mal-tee commented 6 months ago

Dear maintainer(s),

I am getting in touch again to ask you for a security contact. We want to disclose a (potential) security vulnerability in your project responsibly. Feel free to respond with your preferred method of disclosure in this issue or via email: ias-disclosure@tu-braunschweig.de

Please note that we anticipate releasing our findings later this year.

Thank You

Frecuencio commented 2 months ago

Hi there,

I appreciate your message regarding the project. I am interested in understanding the issue you are describing. Please feel free to share it in this thread. This project is not actively developed at the moment, but I will do my best to address and resolve any issues that arise.

Looking forward to hearing more details. Thank you.

mal-tee commented 2 months ago

Hi,

You use user input with file_get_contents here:

https://github.com/Frecuencio/sqlbuddy-php7/blob/6614b9d3dd0321bb6588043f739a78071c3f3e93/serve.php#L70-L97

You check for Local File Inclusion (".."), but users might be able to request arbitrary network resources, since file_get_contents can also conduct network requests. Since you are using file_exists, only those schemes can be used that are stat-able, but an attacker might trigger an FTP request via an ftp:// URL. This is called Server-Side Request Forgery; you can learn more about it at OWASP: https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
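One way to close this class of bug is to stop passing the raw user value to file_get_contents at all and instead resolve it to a path that must lie inside one allowed directory. The following is an added example, not code from serve.php or from the sqlbuddy-php7 project; the function name `resolve_local_asset`, the `assets` directory and the `file` query parameter are assumptions.

```php
<?php
// Added example (not the project's serve.php): resolve a user-supplied file
// name to a path strictly inside one allowed directory before reading it.
// Names (resolve_local_asset, $baseDir, 'assets', ?file=) are assumptions.

/**
 * Return the absolute path of $requested inside $baseDir, or null if the
 * request must be refused. Refusal covers URL schemes (http://, ftp://,
 * php://, data:, ...), NUL bytes, unexpected characters, and any path that
 * resolves outside $baseDir after ".." and symlinks are followed.
 */
function resolve_local_asset(string $baseDir, string $requested): ?string
{
    // file_get_contents() honours stream wrappers, so any "scheme:" prefix
    // turns a file read into a network (or php://) request. Refuse outright;
    // a ".." check alone does nothing against "ftp://host/x".
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested)) {
        return null;
    }
    // NUL bytes can truncate the path inside some wrappers.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Conservative allowlist of characters: letters, digits, '.', '_', '-', '/'.
    if (!preg_match('#^[A-Za-z0-9._/\-]+$#', $requested)) {
        return null;
    }

    $root = realpath($baseDir);
    if ($root === false) {
        return null;
    }
    // realpath() resolves "..", "./" and symlinks; false if the file is missing.
    $full = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment check: $full must start with $root plus a separator.
    if (strncmp($full, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Usage sketch: serve only files that resolve inside ./assets.
$path = resolve_local_asset(__DIR__ . '/assets', $_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit;
}
readfile($path);
```

Because the scheme check runs before any filesystem call, a request such as `?file=ftp://...` is rejected without file_exists or file_get_contents ever touching the network.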