OpenWrt plugin has a command injection vulnerability

[lakemoon602]

问题描述

vuln file: https://github.com/messense/aliyundrive-webdav/openwrt/luci-app-aliyundrive-webdav/luasrc/controller/aliyundrive-webdav.lua

重现步骤

When deal with action_query_qrcode request,sid parameter is vulnerable to OS command injection.

版本

2.3.3

运行平台

Openwrt

日志

[messense]

都登录进路由器后台了，早有 root 权限了，纠结这点问题意义不大吧。