This repository has been archived by the owner on Apr 28, 2020. It is now read-only.

Security Issues #57

Open

Coryf88 opened this issue Apr 19, 2017 · 1 comment

Coryf88 commented Apr 19, 2017

OCAP Version: 0.5.0.1-beta
Server OS: N/A

Description:

Admin page unprotected: Admin site not password protected #45
Download malicious remote file to server (PHP < 4.22)
SQL Injection
display_errors/display_startup_errors enabled.
phpinfo() accessible: Included info.php in release.
Download malicious remote file to server (OCAP Master >= Sep 18, 2016) bec7380

Steps to reproduce: N/A

RPT File: N/A

The text was updated successfully, but these errors were encountered:

arma-miksu commented Apr 10, 2018

XSS from central remote server: https://github.com/mistergoodson/OCAP/blob/master/web/index.php#L51

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.