mxmehl/uberspace-webadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

further password disclosure avoidance

Browse Source
This commit is contained in:
mxmehl
2015-07-10 14:07:17 +03:00
parent 4c1d2bd0fe
commit 70f12a69d4
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
action.sh
View File

@@ -31,7 +31,7 @@ source config.cfg
ACTION="$1" # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
USER="$2"
PASS=$(cat "$3")
PASS=$(cat "$3") # $3 is a file containing the password
## FUNCTIONS
function checkaction {

2
submit.php
View File

@@ -34,7 +34,7 @@ file_put_contents($PASSFILE, $PASS);
if($SURE == "yes")
{
// Creates full command
$command = '/bin/bash action.sh ' . $ACTION . ' ' . $USER . ' ' . $PASS;
$command = '/bin/bash action.sh ' . $ACTION . ' ' . $USER . ' ' . $PASSFILE;
// Execute command and give output
$output = shell_exec($command);