The direct input of the Filename box is taken into compile.sh script file. By specially writing the filenames it is possible execute arbitrary shell commands on the server. This is a serious security flaw and should be fixed immediately.
The possible solutions are:
Check for the correctness of the filename. Make sure that special characters like space or ;, etc. are not in the filename.
Remove the filename box altogether. In such a case for the language Java, the users have to submit their code in only a single class name possibly something like Main.
The direct input of the
Filenamebox is taken intocompile.shscript file. By specially writing the filenames it is possible execute arbitrary shell commands on the server. This is a serious security flaw and should be fixed immediately.The possible solutions are:
spaceor;, etc. are not in the filename.Main.