Security vulnerability in Swift 3.3.1

Swift Mailer is a fantastic library for sending email with PHP. Discuss this library or ask any questions about it here.

Moderators: Chris Corbyn, General Moderators

eliothochberg
Forum Newbie
Posts: 3
Joined: Fri May 23, 2008 12:56 pm

Security vulnerability in Swift 3.3.1

Post by eliothochberg »

Using ShiftThis Newsletter, which uses Swift 3.3.1.

My client assures me that he has not signed into the site today.

Someone ran a smoke test, but none of us ran it. So far, it doesn't seem to be a hack into WordPress, might be ShiftThis looking into it, but I want to be sure it isn't in Swift.

Is there a known vulnerability in Swift that would allow this?

Any help is appreciated!
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: Security vulnerability in Swift 3.3.1

Post by Chris Corbyn »

Did you upload the smoke tests? This isn't a security issue in Swift if you uploaded the tests and kept them in the web root ;) The only bit you need is the lib directory.
eliothochberg
Forum Newbie
Posts: 3
Joined: Fri May 23, 2008 12:56 pm

Re: Security vulnerability in Swift 3.3.1

Post by eliothochberg »

Using Swift installed via ShiftThis, the smoke test is available over the web through WordPress.

Also just received 101 test messages that no one officially with the site sent.

So is it installed wrong?

Do I need to deactivate the smoke test function?

Should it not be there once the system is known to work?

I am very worried that I am leaving the newsletter open to some security issue.

Could someone please explain how an outside person can access this?

Thanks
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: Security vulnerability in Swift 3.3.1

Post by Chris Corbyn »

It's not a function. First things first, I write Swift Mailer (a library), I don't write ShiftThis. ShiftThis is somebody else's work which uses my library.

There's a directory called "tests/smokes" somewhere inside that plugin. Delete it. Delete the entire "tests" directory actually. The only bit it needs is the "lib" directory.
eliothochberg
Forum Newbie
Posts: 3
Joined: Fri May 23, 2008 12:56 pm

Re: Security vulnerability in Swift 3.3.1

Post by eliothochberg »

Cool - so I can get rid of the tests directory completely, and not hurt the use of Swift Mailer.

Thanks
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: Security vulnerability in Swift 3.3.1

Post by Chris Corbyn »

Correct. The tests are just a set of files for analysis. The library is independent of them :)
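
Added example (not part of the original thread and not code from Swift Mailer or ShiftThis): a shell check for the layout described in the replies above, a `tests` directory containing `smokes` that sits next to the `lib` directory, anywhere under a web root. The script name and the web root path are assumptions supplied by whoever runs it; the script only reports and deletes nothing.

```shell
#!/bin/sh
# Added example: report Swift Mailer "tests" directories left under a web root.
# A directory is reported only when it is named "tests", contains "smokes",
# and has a sibling "lib" directory (the layout described in the thread).

find_swift_tests() {
    # $1 = web root to scan (assumption: the caller knows the real path)
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    find "$root" -type d -name tests 2>/dev/null | while IFS= read -r dir; do
        parent=$(dirname "$dir")
        # Require both markers so unrelated "tests" directories are ignored.
        if [ -d "$dir/smokes" ] && [ -d "$parent/lib" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Hypothetical invocation: sh check_swift_tests.sh /path/to/webroot
if [ -n "${1:-}" ]; then
    find_swift_tests "$1"
fi
```

Each path printed is a directory that can be removed after review; running the check again afterwards should print nothing while the sibling `lib` directory is still in place.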