[Commotion-admin] [luci-commotion-apps] RCE in add local applications form ‘ipaddr’ parameter (Critical) (#10)

dismantl notifications at github.com
Mon Oct 14 15:17:25 UTC 2013


I will add more input sanitizing for now, but in the long term, I imagine my shell call to nc will be replaced by the use of commotiond's (not-yet-implemented) socket library (with corresponding Lua bindings) to perform a connectivity check.

Does that seem reasonable?

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion-apps/issues/10#issuecomment-26262576
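
One way to do the interim input sanitizing mentioned in this message, as an added example that is not code from luci-commotion-apps: parse the value strictly and hand the command only a string rebuilt from the parsed numbers. It assumes the field holds a dotted-quad IPv4 address; `parse_ipv4`, `parse_port` and the port field itself are hypothetical names, and the sample inputs are constructed.

```lua
-- Added example (not the project's code). Assumption: 'ipaddr' is an IPv4
-- dotted quad; the port field is hypothetical.

-- Returns a canonical "a.b.c.d" string rebuilt from parsed octets, or nil.
local function parse_ipv4(s)
  if type(s) ~= "string" or #s > 15 then return nil end
  -- Anchored at both ends: four groups of 1-3 digits and nothing else.
  -- Lua's "$" only matches at the true end of the string, so a trailing
  -- newline is rejected as well.
  local a, b, c, d = s:match("^(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)%.(%d%d?%d?)$")
  if not a then return nil end
  local octets = {}
  for i, part in ipairs({ a, b, c, d }) do
    local n = tonumber(part, 10)
    if n > 255 then return nil end
    octets[i] = n
  end
  -- Rebuild from integers: no byte of the submitted string is reused.
  return string.format("%d.%d.%d.%d", octets[1], octets[2], octets[3], octets[4])
end

-- Returns the port as a canonical decimal string, or nil.
local function parse_port(s)
  if type(s) ~= "string" or not s:match("^%d%d?%d?%d?%d?$") then return nil end
  local n = tonumber(s, 10)
  if n < 1 or n > 65535 then return nil end
  return string.format("%d", n)
end

-- Constructed sample inputs: one valid value, the rest must be rejected.
assert(parse_ipv4("10.0.0.1") == "10.0.0.1")
assert(parse_ipv4("010.000.000.001") == "10.0.0.1") -- canonicalised
assert(parse_ipv4("192.168.1.300") == nil)          -- octet out of range
assert(parse_ipv4("10.0.0.1;x") == nil)             -- shell metacharacter
assert(parse_ipv4("10.0.0.1\n") == nil)             -- trailing newline
assert(parse_ipv4(" 10.0.0.1") == nil)              -- leading whitespace
assert(parse_ipv4("1.2.3") == nil)                  -- too few octets
assert(parse_port("8080") == "8080")
assert(parse_port("0") == nil and parse_port("65536") == nil)
assert(parse_port("80 ") == nil)
print("all validation checks passed")
```

Rejecting the request when either function returns nil, rather than trying to strip bad characters, keeps the check an allowlist; the longer-term plan of replacing the shell call with a socket library removes the shell from the path entirely.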