Open gronke opened 1 year ago
The url query param might contain shell escape or pipeline characters, such as | or ;, resulting in remote code execution:
url
|
;
https://github.com/lanceseidman/PiCAST/blob/ed6a7ba44d023418d2ca27c043e7724b9ecf5581/picast.js#L12
The
urlquery param might contain shell escape or pipeline characters, such as|or;, resulting in remote code execution:https://github.com/lanceseidman/PiCAST/blob/ed6a7ba44d023418d2ca27c043e7724b9ecf5581/picast.js#L12