github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 21:04:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Potential remote code execution vulnerability fix.

Browse source 
Can be exploitable, when we have X-Forwarded-For->X-Real-IP
transformation.
This commit is contained in:
INVENT 2015-01-19 15:51:46 +03:00
commit 512283e528
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
web/api/index.php
View file

@ -14,7 +14,8 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
$v_user = escapeshellarg($_POST['user']); $v_user = escapeshellarg($_POST['user']);
$v_password = escapeshellarg($_POST['password']); $v_password = escapeshellarg($_POST['password']);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $auth_code); $v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
} else { } else {
$key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']); $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
if (file_exists($key) && is_file($key)) { if (file_exists($key) && is_file($key)) {