PRP: Flowable Exposed UI RCE

[devampkid]

Hello, this is related to google/tsunami-security-scanner-plugins#675

[giacomo-doyensec]

Hi @devampkid,
please update the testbed accordingly to the modifications from google/tsunami-security-scanner-plugins@debc54a. Add a safe setup and relative instruction in the readme file if possible, thanks!

[devampkid]

@giacomo-doyensec I forgot to update this testbed; I've updated it now.

[devampkid]

@robert-doyensec, the setup is done without the need for any proxy.

[robert-doyensec]

@tooryx is disabling authentication by replacing the spring security configuration or by adding a reverse proxy okay? The original PRP said that authentication was not required, and it is possible to configure this without authentication, but not very easy as with some other services where it's simply editing a configuration value or missing authentication by default. google/tsunami-security-scanner-plugins#675