Merge branch 'ent-5702-problema-de-seguridad-en-quicksell-escalado-de-privilegios-remoto' into 'develop'

1st approach avoid quick_shell vulnerability (telnet)

See merge request artica/pandorafms!3170
Alejandro Fraguas 2020-05-08 14:16:06 +02:00
commit 73ce23bfd8


@ -188,9 +188,10 @@ function quickShell()
} else if ($method == 'telnet') { } else if ($method == 'telnet') {
// Telnet. // Telnet.
$port = $config['gotty_telnet_port']; $port = $config['gotty_telnet_port'];
$username = preg_replace('/[^a-zA-Z0-9\-\.]/', '', $username);
$command_arguments = "var args = '?arg=-l ".$username; $command_arguments = "var args = '?arg=-l ".$username;
$command_arguments .= '&arg='.$address; $command_arguments .= '&arg='.$address;
$command_arguments .= '&arg='.$method_port."';"; $command_arguments .= '&arg='.$method_port."&arg=-E';";
} else { } else {
ui_print_error_message(__('Please use SSH or Telnet.')); ui_print_error_message(__('Please use SSH or Telnet.'));
return; return;
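Review bot: The telnet branch now filters `$username`, but `$address` and `$method_port` are still appended unfiltered to the same `var args = '...'` string on the next two lines, so a quote or `&` in either value would still change the JavaScript literal or add extra `arg=` entries. Unless both are validated earlier in quickShell() (its body starts and ends outside this hunk), constrain them here too, for example `$method_port = (int) $method_port;` and an early return with `ui_print_error_message()` when `$address` fails `filter_var($address, FILTER_VALIDATE_IP)` and a strict hostname pattern. The username allowlist also keeps `-`, so the value can still begin with a dash; `$username = ltrim($username, '-');` after the `preg_replace` would close that off. The SSH branch is outside this hunk and presumably needs the same treatment.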