Run Code executes the client side rendered php #1188

Closed
gefd opened this issue Dec 17, 2024 · 3 comments

Comments

@gefd

gefd commented Dec 17, 2024

This is likely to be exploitable. The run code button should run the snippet from the server side.

Screenshot from 2024-12-17 12-44-20
Screenshot from 2024-12-17 12-46-10

@damianwadley
Member

It's only exploitable if the page allows XSS and/or if there's a breach in the nature of WASM such that it could cause a problem in a user's browser or computer. Can you demonstrate that?

@gefd
Author

gefd commented Dec 30, 2024

This is obviously a non-issue. I didn't dig deep enough initially to see that it's using php-wasm and assumed it was running server side :)

@gefd gefd closed this as completed Dec 30, 2024
@damianwadley
Member

You're definitely right that it's not apparent how it works when you run one of the code examples. Good news is that problem is one of the reasons why I created php/doc-en#4353 earlier today - in fact, I found your report here while I was writing it up and looking for past Issues.
