
I have ProcessMaker 3.1.3 running on an RHEL 7 server. But recently I found that the server is vulnerable to a path traversal attack. The entire application runs through the file App.php in the $App_Dir/workflow/public_html directory, which handles URL redirection and other operations. Currently, I'm using this piece of code at the top of App.php (located in $App_Dir/workflow/public_html) to prevent the problem.

<?php
  // Crude blacklist: refuse any request whose raw URI contains "../".
  $url = $_SERVER['REQUEST_URI'];
  $key = "../";
  // strpos() returns 0 when the match is at the very start, and 0 == true is
  // false, so the check must compare against false with !== instead.
  if (strpos($url, $key) !== false) {
      die("Forbidden");
  }
?>

But I think this is not a perfect solution. The application might get stuck at any time. Any recommendation / solution?

TIA


1 Answer


This is not sufficient because the URL could be encoded in so many formats for "../". You need to enforce your input validation to solve your issue.

  1. You should use a function that works with realpath (https://www.php.net/manual/en/function.realpath.php) to obtain the path of your file.
  2. You should after that validate the resulting path against your business rules. The list of allowed paths should be built with a whitelist approach (you should list all the directories you want) and not a blacklist approach (the one you present in your code).
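As an added example of the realpath-plus-whitelist check described in the answer (this is not code from the question or from ProcessMaker; the document root and the allowed directories are assumed values), the request path is decoded, resolved on disk with realpath(), and accepted only if it lands inside one of the listed directories:

```php
<?php
// Assumed locations for illustration; adjust to the real install.
$docRoot     = '/opt/processmaker/workflow/public_html';
$allowedDirs = array($docRoot . '/js', $docRoot . '/css', $docRoot . '/images');

// Returns the resolved absolute file path, or null if the request must be refused.
function resolveAllowedPath($urlPath, $docRoot, $allowedDirs)
{
    // Decode repeatedly so %2e%2e%2f and double-encoded %252e%252e%252f
    // both collapse to the literal bytes before we look at the filesystem.
    $decoded = $urlPath;
    for ($i = 0; $i < 3; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    // A NUL byte would truncate the path in C-level filesystem calls.
    if (strpos($decoded, "\0") !== false) {
        return null;
    }
    $root = realpath($docRoot);
    if ($root === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, so an escaping request
    // becomes e.g. "/etc/passwd" and simply fails the prefix test below.
    $candidate = realpath($root . '/' . ltrim($decoded, '/'));
    if ($candidate === false) {
        return null; // file does not exist or is unreadable
    }
    foreach ($allowedDirs as $dir) {
        $base = realpath($dir);
        // Compare with a trailing separator so "/x/js2" is not accepted by "/x/js".
        if ($base !== false && strpos($candidate, $base . DIRECTORY_SEPARATOR) === 0) {
            return $candidate;
        }
    }
    return null; // resolved path is outside every whitelisted directory
}

// Only the path component is checked; query string and fragment are ignored.
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$file = resolveAllowedPath($path === null ? '/' : $path, $docRoot, $allowedDirs);
if ($file === null) {
    http_response_code(403);
    exit('Forbidden');
}
// $file is now a vetted absolute path and can be served or included safely.
?>
```

The check works for any encoding of "../" because it validates the path the kernel actually resolves rather than the characters in the request.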