Security issues that compromise (an old version of) the application.

Posted: 17 Jan 2022, 23:17
by Frapster
All

Be very careful as this application has a few holes that need to be closed to protect the information and stop the application from being compromised.

We found that they were using the site as a proxy and were still able to upload and execute files even with the .htaccess file changes, as the system did not verify the file extension, so they were able to upload .XML and .PHP files. These are automated servers running scripts.

We found the following site, where Nicholas Ferreira has kindly provided a script to test the security of your site to make sure it has not been compromised, as well as a fix to stop them from hacking your site. I would recommend everyone do this ASAP.

https://github.com/Nickguitar/RevCAT

He has a fix here:

https://github.com/opencats/OpenCATS/co ... f15ed8ebe1
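
An added example, not part of the post above and not code from RevCAT or OpenCATS: a small audit that walks an upload directory and flags files with a server-executable extension (including double extensions and mixed case) or a PHP open tag in their content, which is the kind of file the post says got through. The extension list, the function names and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Assumption: extensions a PHP host may execute, plus .xml/.htaccess from the post.
SUSPECT = {".php", ".phtml", ".php5", ".php7", ".phar", ".pht", ".xml", ".htaccess"}
PHP_TAGS = (b"<?php", b"<?=")

def classify(path):
    """Return the reasons a file in an upload directory needs review."""
    reasons = []
    name = os.path.basename(path).lower().rstrip(". ")
    # Test every dot-separated part so "cv.PHP" and "notes.php.txt" both match.
    hits = sorted({"." + part for part in name.split(".")[1:]} & SUSPECT)
    if hits:
        reasons.append("extension " + ",".join(hits))
    with open(path, "rb") as fh:
        head = fh.read(4096).lower()
    if any(tag in head for tag in PHP_TAGS):
        reasons.append("PHP open tag in content")
    return reasons

def audit(root):
    """Walk root and map relative path -> reasons for each flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, fn) for fn in files):
            if reasons := classify(full):
                findings[os.path.relpath(full, root)] = reasons
    return findings

def build_sample(root):
    # Constructed sample files standing in for an upload directory.
    samples = {
        "resume.pdf": b"%PDF-1.4 constructed",
        "cv.PHP": b"<?php echo 'constructed'; ?>",
        "notes.php.txt": b"plain text",
        "photo.jpg": b"\xff\xd8\xff<?php /* constructed */ ?>",
        "sub/feed.xml": b"<?xml version='1.0'?><a/>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

To check a real install, call `audit()` on the directory where your site stores uploaded files; a hit is a file to review, not proof of compromise.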

Re: SECURITY ISSUES THAT COMPROMISE (AN OLD VERSION OF) THE APPLICATION.

Posted: 10 Mar 2022, 18:25
by franco_ca
Thank you very much for sharing, I will apply this fix to my build ASAP.

Re: SECURITY ISSUES THAT COMPROMISE (AN OLD VERSION OF) THE APPLICATION.

Posted: 27 May 2022, 10:40
by RussH
Also note that version 0.9.4 is quite old and requires a very old version of PHP; you should be on version 0.9.6 in any case, which is the current release.