using local editor functionality broken

Question

using local editor functionality broken

mihkelraba opened this issue 4 years ago · 1 comments

Bug description:

According to weevely wiki, user can use local gedit / vi / pico to edit remote file. This functionality worked fine in version 3.7.0
In 4.0.1 vi / pico is executed locally in remote server and shell hangs.

Version:

weevely 4.0.1 / latest Kali 2020.2 rolling

From terminal:

$ pico newfile.txt

Remote server

# ps axuf
www-data  4329  0.0  0.9 497996 19404 ?        S    19:19   0:00  \_ /usr/sbin/apache2 -k start
www-data  4439  0.0  0.0   4628   876 ?        S    19:24   0:00      \_ sh -c pico newfile.txt 2>&1
www-data  4440 99.9  0.1  20256  3000 ?        R    19:24   3:50          \_ pico newfile.tx

Answer 1 · 2020-05-30T17:08:57.000Z

This is expected, the aliases like vi are picked up when only the PHP shell is available.

The wiki page you link says it is a limited environment with the system command functions disabled by the disable_functions PHP config.