#1 olivierpons (Sencha User; Aix en Provence, France; joined Dec 2009; 116 posts)

    [ext 4.0.2a] Security flaw in the php sample


    Hi,

    I'm sorry, I didn't know where to post this kind of problem, so I went to the "bug" section.

    In this file:

    Code:
    ./examples/writer/remote/lib/application_controller.php
    In the dispatch() function code, you can read:

    Code:
    if ($request->action) {
        return $this->{$request->action}();
    }
    This means that if someone tries to access functions he/she shouldn't have access to, he/she can send a request which will access those functions.
    This may lead to a security flaw (imagine that someone creates a child class of ApplicationController that has a function like "authenticate()"); someone from the outside could send a request which will access this function (create a POST with an "action" variable that has the value "authenticate") and, for example, try a brute-force attack.

    This code implies that all the descendants have to sanitize the input ($request) before calling the dispatch() function.

    Maybe a big warning in the comments is missing?

    Tell me if I'm wrong, and if so, I apologize.
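
The dispatch() pattern quoted above beside an allowlisted version, as an added example (editor's code, not from the Ext JS 4.0.2a sample and not the poster's). The Request class is a hypothetical stand-in for the sample's $request object, and the method names are made up for the demo:

```php
<?php
declare(strict_types=1);

// Added example, not code from the Ext JS sample. Request is a hypothetical
// stand-in for the sample's $request object (only the "action" field matters here).
final class Request
{
    /** @var string|null */
    public $action;

    public function __construct(?string $action)
    {
        $this->action = $action;
    }
}

// The sample's pattern: whatever method name the client sends is invoked.
// A POST with action=authenticate reaches a method that a subclass only meant
// to call internally.
class VulnerableController
{
    public function dispatch(Request $request)
    {
        if ($request->action) {
            return $this->{$request->action}();
        }
        return null;
    }

    public function read(): string
    {
        return 'read: public data';
    }

    protected function authenticate(): string
    {
        // Reachable anyway: the dynamic call runs inside the class, so
        // protected/private visibility is no barrier on its own.
        return 'authenticate(): internal logic executed with attacker-chosen input';
    }
}

// Hardened pattern: a closed list of routable actions, a strict comparison, and an
// explicit failure for anything else. Visibility stays as defence in depth, but
// the allowlist is the control.
class HardenedController
{
    private const ACTIONS = ['read', 'create', 'update', 'destroy'];

    public function dispatch(Request $request): array
    {
        $action = $request->action;
        if (!is_string($action) || !in_array($action, self::ACTIONS, true)) {
            return ['success' => false, 'message' => 'unknown action'];
        }
        return ['success' => true, 'data' => $this->$action()];
    }

    public function read(): string    { return 'read'; }
    public function create(): string  { return 'create'; }
    public function update(): string  { return 'update'; }
    public function destroy(): string { return 'destroy'; }

    protected function authenticate(): string
    {
        return 'never routable';
    }
}

// Demo with constructed input: the "attacker" posts action=authenticate.
$attack = new Request('authenticate');
var_dump((new VulnerableController())->dispatch($attack));
var_dump((new HardenedController())->dispatch($attack));
var_dump((new HardenedController())->dispatch(new Request('read')));
```

Two checks that look like fixes but are not: method_exists() returns true for non-public and magic methods (so action=__construct or action=dispatch still gets through), and is_callable() evaluated inside the class scope also reports protected methods as callable. Only a fixed allowlist compared with strict equality closes the hole; a name that is not on the list should fail cleanly rather than fall through to an undefined-method Error.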

#2 evant (Sencha - Ext JS Dev Team; Sydney, Australia; joined Apr 2007; 16,797 posts)


    The server-side code is just used to drive the examples; obviously, your application code should use something more secure.
    Evan Trimboli
    Sencha Developer
    Twitter - @evantrimboli
    Don't be afraid of the source code!

#3 olivierpons (Sencha User; Aix en Provence, France; joined Dec 2009; 116 posts)


    You're right. This is just an example, because this is much worse:

    Code:
    ./examples/writer/app.php
    Code:
    require('remote/app/controllers/' . $request->controller . '.php');


    Thank you for your answer,

    Olivier.
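
Two safer ways of turning a client-supplied controller name into a file path, as an added example (editor's code, not from the Ext JS 4.0.2a sample and not the poster's). The directory layout, the controller names and the throwaway files the demo creates are assumptions:

```php
<?php
declare(strict_types=1);

// Added example, not code from the Ext JS sample. The sample's
// require('remote/app/controllers/' . $request->controller . '.php') lets the
// client pick any .php file the web server can read (../ sequences, absolute
// paths). Both functions below take the directory explicitly; names are assumed.

// 1. Closed map: the client value is only ever used as an array key, never as a
//    path component, so traversal, absolute paths and odd bytes never reach the
//    filesystem at all.
const CONTROLLER_FILES = [
    'users' => 'users.php',
    'posts' => 'posts.php',
];

function controllerPathFromMap(string $dir, ?string $name): string
{
    if ($name === null || !array_key_exists($name, CONTROLLER_FILES)) {
        throw new InvalidArgumentException('unknown controller');
    }
    return $dir . DIRECTORY_SEPARATOR . CONTROLLER_FILES[$name];
}

// 2. Validated dynamic name: a strict syntactic check first (so null bytes and
//    separators never reach a filesystem call), then a realpath() containment
//    check so that even a symlinked or renamed file outside the directory is
//    refused.
function controllerPathChecked(string $dir, ?string $name): string
{
    if ($name === null || !preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $name)) {
        throw new InvalidArgumentException('bad controller name');
    }
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('controller not found');
    }
    return $path;
}

// Demo: build a throwaway controller directory with one legitimate controller and
// one file that lives outside it, then feed both functions attacker-style names
// (constructed input).
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ctrl_demo_' . bin2hex(random_bytes(4));
$dir  = $root . DIRECTORY_SEPARATOR . 'controllers';
mkdir($dir, 0700, true);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'users.php', "<?php\n// legitimate controller\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.php', "<?php\n// must never be included\n");

$inputs = ['users', '../secret', "users\0", '/etc/passwd', 'Users'];
foreach ($inputs as $name) {
    foreach (['map' => 'controllerPathFromMap', 'checked' => 'controllerPathChecked'] as $label => $fn) {
        $shown = addcslashes($name, "\0");
        try {
            printf("%-8s %-14s -> %s\n", $label, $shown, $fn($dir, $name));
        } catch (InvalidArgumentException $e) {
            printf("%-8s %-14s -> rejected (%s)\n", $label, $shown, $e->getMessage());
        }
    }
}

// Cleanup of the demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'users.php');
unlink($root . DIRECTORY_SEPARATOR . 'secret.php');
rmdir($dir);
rmdir($root);
```

The order of the checks in controllerPathChecked() matters: the regex runs before any filesystem call, so a null byte is rejected as plain bad input rather than being handed to realpath(). That also covers the older bypass where, on PHP releases before 5.3.4, a null byte truncated the path and discarded the appended ".php" suffix. Where the set of controllers is known in advance, the closed map is the simpler and stronger choice.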
