search

opentechinstitute / luci-commotion

Commotion configuration pages for the LuCI web interface
GNU General Public License v3.0
11 stars 17 forks source link

[CLOSED] fixed port input validation to prevent code injection #322

Closed oti-tech closed 10 years ago

oti-tech commented 10 years ago

Issue by dismantl Wednesday May 22, 2013 at 20:55 GMT Originally opened as https://github.com/opentechinstitute/luci-commotion-apps/pull/4

dismantl included the following code: https://github.com/opentechinstitute/luci-commotion-apps/pull/4/commits

oti-tech commented 10 years ago

Comment by dismantl Friday May 24, 2013 at 22:18 GMT

to test:

  1. try submitting applications with the following values in the port field, and ensure it returns a validation error without opening up a reverse shell (test with "nc 1337" and entering shell commands):

nc -e /bin/sh -l -p 1337 $(nc -e /bin/sh -l -p 1337)

  1. try submitting applications with the following values in both the name and description fields, and with a value > 0 in the hop-count field. the application should be accepted, but without opening up a reverse shell:

nc -e /bin/sh -l -p 1337 $(nc -e /bin/sh -l -p 1337)