Yes, I was a bit too harsh. It is still very suitable for Intra!-web applications, but it is not very suitable for internet applications because of its inherent vulnerabilities that nobody has fixed yet.
So: it is a welcome port, but don't use it outside of a local network.
The latter can of course be mitigated by using a more modern front-end.
I also used it a lot in the past, but I also hacked it - legally, CEH - a lot in the past.
CVE-2017-17527
CVE-2007-0533
to name a few.
It is also very easy to force access violations at runtime in its codebase.
Which is basically also a means of getting control.
I won't get into much further detail, but a web application using Intraweb can be hacked in minutes, not months or years, and it is quite easy to detect if a web application has been written with Intraweb.
Hi Thaddy,
Your comments are interesting.
CVE-2007-0533 is precisely 18 years old. It's just like complaining to Microsoft about a bug not fixed in Windows XP.
I doubt that this applies to any recent IntraWeb version. First, because it shares almost no code with that old version. Second, because there is no OnBeforeDispatch processing in IntraWeb. There is an event that you can of course add anything including code that won't work or will crash the server (Just like I can do in any other language and framework).
CVE-2017-17527 is not related to IntraWeb, but to PasDoc, which I have never used myself, and I'm positive that it has no relationship with IntraWeb or any Atozed product.
Recent versions of PHP, released less than 2 years ago (not 18 years), are much more vulnerable to attacks (and much more harmful than just a DoS).
We have IntraWeb customers around the world with applications that are constantly tested and submitted to independent auditing, and they show a completely different scenario than the one that you are painting here.
Anyway, I'm open if you want to discuss this further. You can reach me at: alexandre at atozed dot com
Cheers,