mxmehl/uberspace-webadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

further password disclosure avoidance

Browse Source
This commit is contained in:
mxmehl
2015-07-10 13:49:23 +03:00
parent c8e7acb3b2
commit 4c1d2bd0fe
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
action.sh
View File

@@ -31,7 +31,7 @@ source config.cfg
ACTION="$1" # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata ACTION="$1" # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
USER="$2" USER="$2"
PASS="$3" PASS=$(cat "$3")
## FUNCTIONS ## FUNCTIONS
function checkaction { function checkaction {

16
submit.php
View File

@@ -20,17 +20,23 @@ $USER = $_POST['user'];
$PASS = $_POST['pass']; $PASS = $_POST['pass'];
$SURE = $_POST['sure']; $SURE = $_POST['sure'];
// Sanitize variables
$ACTION = escapeshellarg($ACTION);
$USER = escapeshellarg($USER);
$PASS = escapeshellarg($PASS);
$RAND = mt_rand(100000, 999999); $RAND = mt_rand(100000, 999999);
$PASSFILE = $RAND . 'pass'; $PASSFILE = $RAND . '.pass';
file_put_contents($PASSFILE, $PASS); file_put_contents($PASSFILE, $PASS);
// Checks if checkbox is activated (default at most forms) // Checks if checkbox is activated (default at most forms)
if($SURE == "yes") if($SURE == "yes")
{ {
// Creates full command but sanitizes the arguments first // Creates full command
$command = '/bin/bash action.sh ' . escapeshellarg($ACTION) . ' ' . escapeshellarg($USER) . ' ' . escapeshellarg($PASS); $command = '/bin/bash action.sh ' . $ACTION . ' ' . $USER . ' ' . $PASS;
// Execute sanitized command and give output // Execute command and give output
$output = shell_exec($command); $output = shell_exec($command);
echo "<pre>$output</pre>"; echo "<pre>$output</pre>";
} }
@@ -39,6 +45,8 @@ else
echo "You did not hit the necessary checkbox. Aborting."; echo "You did not hit the necessary checkbox. Aborting.";
} }
//unlink($PASSFILE);
?> ?>
</tr></td></table> </tr></td></table>