Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shell injection vulnerability #8

Open
Informatic opened this issue Nov 10, 2015 · 1 comment
Open

Shell injection vulnerability #8

Informatic opened this issue Nov 10, 2015 · 1 comment

Comments

@Informatic
Copy link

https://github.com/thgh/pilon/blob/master/www/kick.php#L10
https://secure.php.net/manual/en/function.escapeshellarg.php

Also, it's likely one may be able to sabotage your network by injecting parts of iptables rules in multiple exec's with unvalidated user data all over your code.
thgh added a commit that referenced this issue Nov 16, 2015
@thgh
Mention security state in readme #8
d125a09
@thgh
Copy link
Owner

thgh commented Nov 16, 2015

You're right, thanks for the remark. I will look into this when the time comes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thgh @Informatic