
Shell injection vulnerability

Open • Informatic opened this issue 10 years ago • 1 comment

https://github.com/thgh/pilon/blob/master/www/kick.php#L10

https://secure.php.net/manual/en/function.escapeshellarg.php

Also, it's likely one may be able to sabotage your network by injecting parts of iptables rules in multiple exec's with unvalidated user data all over your code.

Informatic • Nov 10 '15 11:11

You're right, thanks for the remark. I will look into this when the time comes.

thgh • Nov 16 '15 20:11
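An illustration of the fix this issue points to, as an added example that is not code from the pilon repository: user data is validated against an allow-list and then passed through `escapeshellarg()` before it becomes part of an `iptables` command. The function names, the specific rule and the sample inputs are assumptions made for the example.

```php
<?php
// Added example; hypothetical helpers, not the project's code.
// Pattern being replaced (constructed): exec('iptables ... ' . $_GET['ip']);

/**
 * Validate an untrusted value as an IPv4 address, or throw.
 * Validation comes first so that extra rule fragments such as
 * "192.0.2.10 -j ACCEPT" are rejected before any command is built.
 */
function validated_ipv4(string $input): string
{
    $ip = filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($ip === false) {
        throw new InvalidArgumentException('not an IPv4 address');
    }
    return $ip;
}

/**
 * Build (but do not run) an iptables command that drops traffic from
 * the given address. The dynamic value goes through escapeshellarg()
 * so the shell treats it as exactly one argument.
 */
function build_drop_rule(string $untrustedIp): string
{
    $ip = validated_ipv4($untrustedIp);
    return 'iptables -A INPUT -s ' . escapeshellarg($ip) . ' -j DROP';
}

// Constructed sample inputs: one well-formed, two malformed.
$samples = ['192.0.2.10', '192.0.2.10; id', '192.0.2.10 -j ACCEPT'];
foreach ($samples as $sample) {
    try {
        echo build_drop_rule($sample), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($sample), PHP_EOL;
    }
}
```

Escaping alone stops shell metacharacters but not a syntactically valid yet unintended argument, which is why the allow-list check runs before `escapeshellarg()`.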