[Commotion-admin] [commotion-apps] fixed port input validation to prevent code injection (#4)
danstaples
notifications at github.com
Fri May 24 22:18:29 UTC 2013
To test:
1. Try submitting applications with the following values in the port field, and ensure it returns a validation error without opening up a reverse shell (test with "nc <ip address> 1337" and entering shell commands):
`nc -e /bin/sh -l -p 1337`
$(nc -e /bin/sh -l -p 1337)
2. Try submitting applications with the following values in both the name and description fields. The application should be *accepted*, but without opening up a reverse shell:
`nc -e /bin/sh -l -p 1337`
$(nc -e /bin/sh -l -p 1337)
---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-apps/pull/4#issuecomment-18433126
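An added example, not part of the original message and not the commotion-apps code: a Python sketch of the two behaviours the test plan checks, an allow-list port check that rejects both strings and free-text fields handed to a command as a single argument with no shell. The function names, the 1-65535 range and the stand-in child command are assumptions.

```python
import subprocess
import sys

# The two test strings from the message above, used here only as data.
PAGE_TEST_VALUES = [
    "`nc -e /bin/sh -l -p 1337`",
    "$(nc -e /bin/sh -l -p 1337)",
]


def validate_port(value):
    """Return the port as an int, or raise ValueError.

    Allow-list check: ASCII digits only, then a range check, so any value
    containing shell metacharacters is rejected before it reaches a command.
    """
    if not (value.isascii() and value.isdigit()) or len(value) > 5:
        raise ValueError("port must be 1-5 ASCII digits")
    port = int(value)
    if not 1 <= port <= 65535:  # assumed valid range
        raise ValueError("port out of range 1-65535")
    return port


def port_is_accepted(value):
    try:
        validate_port(value)
        return True
    except ValueError:
        return False


def store_free_text(text):
    """Hypothetical stand-in for a backend command given a name or description.

    The text is one argv element and no shell is involved, so backticks and
    $() remain literal characters and come back unchanged.
    """
    child = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", text]
    return subprocess.run(child, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for v in PAGE_TEST_VALUES + ["1337", "0", "65536", "80; id"]:
        print(repr(v), "port accepted:", port_is_accepted(v))
    for v in PAGE_TEST_VALUES:
        print("stored unchanged:", store_free_text(v) == v)
```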