irssi-growl icon indicating copy to clipboard operation
irssi-growl copied to clipboard

Published 20 hours ago verified publisher icon jashmenn

Vulnerable to arbitrary command execution

Open cdown opened this issue 10 years ago • 2 comments

Hi,

Just to let you know, your use of system() is vulnerable to arbitrary command execution (this situation is especially bad since it can be invoked by anyone over IRC). Filtering characters is not enough. Don't use system(), use a real subprocess spawner that doesn't involve using a shell.

cdown avatar Jan 06 '15 23:01 cdown

Specifically, because you do not properly sanitise all your variables, only $data, and the rest still have arbitrary input.

cdown avatar Jan 07 '15 00:01 cdown

This is a very good point - I don't really use this any more, but people should be aware of it if they do.

jashmenn avatar Jan 07 '15 01:01 jashmenn