Closed b1tninja closed 4 years ago
Some things I thought of:
maybe chown the jail/chroot as another user chown/chmod:
perhaps avoid FTP altogether-- its a weird protocol... I didn't bother to see if you support PASV/PORT mode, but in theory maybe could be used as a proxy/nuisance and isn't very "secure"
Hey, thanks for the heads-up, i dont mind at all, id rather know than not! I was/am aware the credentials are in the app, kind-of a necessary evil, and took some basic steps to try to prevent any credentials being of much use, but i see some..."weird" stuff in my .htaccess which 100% didn't used to be there:
<Location /hax> SetHandler server-status Order Allow,Deny
Anyway! As for how to get about fixing it, I do have SSH access to the server, in a roundabout way, but its a simple "website and hosting" package, i don't have root access, nor can i modify anything outside of my home directory.
Ive just gone through the code and removed the ability for the user to upload anything that isnt .bin or .tar, but i need to remove the ability of that user to SSH too. Il have to work with the web hoster to see what they can do.
The credentials aren't well protected, and though you have rssh, I think there may be ways to escalate privs on the hosting infrastructure. Maybe setting an environment variable, or uploading a .so to be used as a cipher, or by messing with .htaccess--- I don't have any malicious intent but I poked around a bit, you being the hacker type I figure you wouldn't mind... I might be able to help further lock things down if you care to reach out to me