The legacy Deltik products were creations of the Deltik community from 2008 to 2011, and they have been exported for public download.
In the past, Deltik's products site,
products.deltik.org, provided demos of the products published by Deltik from 2008 to 2011. Some of these products have serious security or performance flaws that made them unsuitable for demoing on Deltik.
As a result, the old products, now collectively called the "Legacy Deltik Products", have been taken off of the demo site and published as an unsupported archive.
The Legacy Deltik Products can be copied to any web server running PHP 5, and they should run roughly as they did on Deltik. Note that some paths were hard-coded and may break on your web server if you aren’t pretending to use the virtual host
Either of these commands performs the download and extraction into the current directory:
<code>curl -L 'https://github.com/Deltik/products-legacy/raw/main/products.tar.xz' | tar -xJvf -</code>
<code>curl -L 'https://content.deltik.org/products/legacy/products.tar.xz' | tar -xJvf -</code>
What's Happening to products.deltik.org
just contains a static page explaining what happened to the Legacy Deltik Products. If I choose to make something of the subdomain, I'll replace it with whatever succeeds the Legacy Deltik Products.
Problems with the Demos
The demos ran on the same unprivileged user as the main Deltik website, which means that compromising one of the demos would allow an attacker to take control of Deltik. I provide an example of a partial exploit in the extended version of this news post. (I figured that it would be pointless to demonstrate a full exploit, since the demos are no longer running here.)
It was also possible to do some denial of service attacks and proxy some attacks through this server. I present a high-level overview of some attack examples in the extended version of this news post.