[Commotion-admin] [luci-commotion] [CLOSED] fixed port input validation to prevent code injection (#322)

oti-tech notifications at github.com
Wed Jun 18 13:49:18 EDT 2014


**Comment by [dismantl](https://github.com/dismantl)**
_Friday May 24, 2013 at 22:18 GMT_

----

to test:

1. try submitting applications with the following values in the port field, and ensure it returns a validation error without opening up a reverse shell (test with "nc <ip address> 1337" and entering shell commands):

\`nc -e /bin/sh -l -p 1337\`
$(nc -e /bin/sh -l -p 1337)

2. try submitting applications with the following values in both the name and description fields, and with a value > 0 in the hop-count field. the application should be *accepted*, but without opening up a reverse shell:

\`nc -e /bin/sh -l -p 1337\`
$(nc -e /bin/sh -l -p 1337)


---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/luci-commotion/issues/322#issuecomment-46469480
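
The two outcomes the test steps above expect (port value rejected, free-text fields accepted but inert), as an added shell example. This is not luci-commotion's code; `validate_port` and `submit_app` are hypothetical names, and the inputs are the constructed values from the test steps.

```shell
#!/bin/sh
# Added example (not luci-commotion code); function names are hypothetical.

# validate_port VALUE
# Succeeds only for a decimal integer 1..65535 with no leading zero.
# The allow-list runs on the raw string, so a backtick, "$(", a space or
# any other non-digit is rejected before the value reaches any command.
validate_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# submit_app NAME DESCRIPTION PORT
# Free-text fields are accepted as-is and only ever used as quoted data
# (printf '%s'), never passed through eval or an unquoted command line.
submit_app() {
    if ! validate_port "$3"; then
        echo "validation error: invalid port" >&2
        return 1
    fi
    printf 'name=%s\ndescription=%s\nport=%s\n' "$1" "$2" "$3"
}

# Constructed inputs: the two values from the test steps, single-quoted
# so this script itself treats them as literal text.
for p in '`nc -e /bin/sh -l -p 1337`' '$(nc -e /bin/sh -l -p 1337)' 8080; do
    if submit_app 'demo' 'demo app' "$p" >/dev/null 2>&1; then
        printf 'accepted port: %s\n' "$p"
    else
        printf 'rejected port: %s\n' "$p"
    fi
done
```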