
WP Document Revisions
Major Security Issues (2 posts)

  1. maxsupernova
    Member
    Posted 1 year ago #

    If I have a link to one file, I can download it regardless of whether I am logged in or not.

    For example, I set up a WordPress install at mydomain.com/testwp, then installed the plugin and uploaded a couple of files. From a completely different machine I can enter this URL and get a file:

    http://mydomain.com/testwp/wp-content/plugins/sp-client-document-manager/download.php?fid=2

    [OBVIOUSLY THAT IS A FAKE URL, ENTER YOUR OWN]

    That will download a file that is in the system regardless of who goes to that link.

    Additionally, simply by incrementing the FID, I can download all of the files in the repository.

    The only security that seems to be enabled is to hope that someone doesn't figure out your URL. Any single user that has access to one file can now get every file on your system.

    Comments?

    http://wordpress.org/extend/plugins/wp-document-revisions/

  2. phpguy
    Member
    Posted 1 year ago #

    Hi Max, certainly not an optimal situation if you are trying to protect your content.

    I would think you could take care of authentication in the "download.php", then if the user passes, send them the file.

    http://wordpress.org/support/topic/tutorial-how-to-check-if-user-is-logged-in-or-a-visitter?replies=4

    If the user guesses your "real" download URL, i.e. http://www.test.com/filerepo/download-my-pdf.pdf, then things can get a little more complicated. I've done this with "7 day pass" reload links in the past.
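The fix phpguy sketches, a download.php that authenticates and then authorises before streaming, is shown below as an added example. It is not code from WP Document Revisions or from either poster. It assumes the script lives inside a plugin directory (so the relative path to wp-load.php resolves), that the fid parameter is a WordPress attachment post ID, and that files are stored under the uploads directory; all three are assumptions about the deployment, not facts from the thread. The important design point is step 3: a login check alone still lets any authenticated user walk the fid sequence, so the check has to be per object.

```php
<?php
// Hardened download endpoint (added example, not the plugin's own code).
// Assumptions: this file sits in a plugin directory, ?fid= is an attachment
// post ID, and document files live under the WordPress uploads directory.

// Bootstrap WordPress so the auth and capability helpers are available.
// A production plugin would usually register a query var and hook
// template_redirect instead of shipping a standalone script.
require_once dirname(__FILE__) . '/../../../wp-load.php';

// 1. Validate input: fid must be a positive integer, nothing else.
$fid = isset($_GET['fid']) ? absint($_GET['fid']) : 0;
if ($fid === 0) {
    status_header(400);
    exit('Bad request');
}

// 2. Authenticate: anonymous users are sent to wp-login and never reach
//    the file. auth_redirect() performs the redirect and exits.
if (!is_user_logged_in()) {
    auth_redirect();
}

// 3. Authorise per object, not merely "is logged in". read_post is a
//    WordPress meta-capability that honours post status and ownership,
//    so user A cannot fetch user B's private document by changing fid.
$post = get_post($fid);
if (!$post || $post->post_type !== 'attachment' || !current_user_can('read_post', $fid)) {
    status_header(403); // same response for "no such id" and "not yours",
    exit('Forbidden');  // so walking the id space learns nothing from the code
}

// 4. Resolve the on-disk path and confirm it stays inside the uploads dir,
//    so a mis-set attachment path cannot point the script at wp-config.php.
$path    = get_attached_file($fid);
$real    = $path ? realpath($path) : false;
$uploads = realpath(wp_upload_dir()['basedir']);
if (!$real || !$uploads || strpos($real, $uploads . DIRECTORY_SEPARATOR) !== 0) {
    status_header(403);
    exit('Forbidden');
}

// 5. Record the access for audit, then stream with non-cacheable,
//    non-sniffable headers so proxies and browsers do not re-expose it.
error_log(sprintf('document download: user=%d fid=%d', get_current_user_id(), $fid));
nocache_headers();
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . basename($real) . '"');
header('Content-Length: ' . filesize($real));
readfile($real);
exit;
```

Two caveats for anyone adapting this. First, the script only protects requests that go through it; if the uploads directory is served directly by the web server, the "real" URL phpguy mentions still bypasses everything, so the files need to be stored outside the web root or the directory needs a deny rule. Second, the single 403 for both unknown and forbidden ids is deliberate: returning 404 for gaps and 403 for other users' files would hand an enumerating client a map of which ids exist.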

Topic Closed

This topic has been closed to new replies.
