FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
The listing below causes an uploaded file to include the string "<?php" at the end of the file if the "parse as PHP" option is selected for the file hosting action.
I haven't had an issue here before yet, but that may be due to insufficient testing since its an early addition in the dev branch. Do you have an example PHP file you are hosting that I can test with?
The listing below causes an uploaded file to include the string "<?php" at the end of the file if the "parse as PHP" option is selected for the file hosting action.
https://github.com/Raikia/FiercePhish/blob/c73d4ad7d787465913dcd00f9a06d56c7cd1baa0/app/HostedFile.php#L36
As a temporary workaround, I changed the line to the following:
This is clearly not a permanent solution, but it is unclear what functionality was originally intended in its current implementation.