search

MaestroError / php-heic-to-jpg

The easiest way to convert HEIC images to JPEG with PHP and Laravel framework
MIT License
148 stars 20 forks source link

RCE on the exec PHP-Class function #32

Closed marcoris closed 9 months ago

marcoris commented 10 months ago

Question

Is there an other possibility to run the command in other functions then exec?

PoC

Setting filename to ";whoami;# is showing the whoami command on the system: image

ls is also possible in that example so as cd ... You can combine multiple commands as shown here: cs ..;ls

MaestroError commented 10 months ago

Hi @marcoris! Thanks for reaching out. I seems like a serious security issue. The exec command now uses quotes ('imagePath'), have you installed the latest version of this package?

marcoris commented 9 months ago

Hi @marcoris! Thanks for reaching out. I seems like a serious security issue. The exec command now uses quotes ('imagePath'), have you installed the latest version of this package?

Hello @MaestroError i didn't forget your question. I will test it again with the latest version ASAP and report my result.

marcoris commented 9 months ago

@MaestroError i have tested it with the latest version and is still "vulnerable". i made a pull request with the tested fix that now is working. maybe you can test it also?

MaestroError commented 9 months ago

Thank you very much @marcoris ❤️ Sure, I will test and merge it 👍

MaestroError commented 9 months ago

Here is a new release: https://github.com/MaestroError/php-heic-to-jpg/releases/tag/v1.0.5

Just update the package and keep getting things done ❤️