ipfspics/ipfspics-server

Fix security issues (RCE)

kpcyrd opened this issue · 4 comments

I've quickly looked over the code for some minutes and got limited code execution on your server. Please have a look at https://secure.php.net/manual/en/function.escapeshellarg.php and some best practices in general.

As I mentioned earlier, every user input is verified at the beginning of the script and it exits if it's not valid. It's not currently vulnerable, but your proposition is a better practice.

I will definitely implement this.

@cloutier The filter is bypassable. I've actually tested this on your server.

@kpcyrd Can you send me what query you used? vincent1cloutier@gmail.com

I don't have access to my mails right now, I'm going to send it to you within a few hours.

`preg_match('/^[a-z0-9]+$/i', ...` also mitigates the issue; I recommend this as a hotfix.
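
An added example, not part of the thread and not ipfspics-server code: the two controls mentioned above (an anchored alphanumeric allowlist and `escapeshellarg`) applied together in PHP 8. The function names, the `ipfs cat` command line and the 128-character bound are assumptions for illustration.

```php
<?php
// Added example. isValidHash(), buildCatCommand() and the `ipfs cat`
// command line are hypothetical, not taken from ipfspics-server.

/**
 * Allowlist check: alphanumeric only, anchored at both ends.
 * \A and \z are used instead of ^ and $ because, in PCRE, `$` without
 * the D modifier also matches just before a final "\n".
 */
function isValidHash(mixed $input): bool
{
    return is_string($input)                  // query parameters can arrive as arrays
        && strlen($input) <= 128              // assumed upper bound for a hash string
        && preg_match('/\A[a-z0-9]+\z/i', $input) === 1;
}

/**
 * Build the command line. escapeshellarg() is applied even though the
 * input has already been validated, so neither control depends on the
 * other being correct.
 */
function buildCatCommand(mixed $hash): string
{
    if (!isValidHash($hash)) {
        throw new InvalidArgumentException('invalid hash');
    }
    return 'ipfs cat ' . escapeshellarg($hash);
}

// Constructed sample inputs.
$samples = [
    'QmExampleHash123',      // alphanumeric
    "QmExampleHash123\n",    // trailing newline
    'Qm Example',            // contains a space
    'Qm;x',                  // contains a shell metacharacter
    '',                      // empty string
    ['QmExampleHash123'],    // array instead of string
];

foreach ($samples as $s) {
    try {
        echo 'ok:       ', buildCatCommand($s), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($s), PHP_EOL;
    }
}
```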