dst-admin

ShellUtil.execShellBin() has a command execution vulnerability

Open LiuYanJan opened this issue 2 years ago • 0 comments

Hey, guys. In your V1.5.0 project source code, I found that there are command execution vulnerabilities in multiple interfaces, such as:

1. com.tugos.dst.admin.controller.HomeController#masterConsole
2. com.tugos.dst.admin.controller.HomeController#sendBroadcast
3. com.tugos.dst.admin.controller.HomeController#kickPlayer
4. com.tugos.dst.admin.controller.HomeController#cavesConsole


Checking the source code, I found that the factors causing the security problems all come from this method: com.tugos.dst.admin.utils.ShellUtil#execShellBin

```java
public static void execShellBin(String shell) {
    try {
        // The whole string is handed to /bin/sh -c, so the shell parses it as a command line.
        Runtime.getRuntime().exec(new String[]{"/bin/sh", "-c", shell}, null, null);
    } catch (Exception e) {
        // Log message: "Failed to run shell script:"
        log.error("运行shell脚本失败:", e);
    }
}
```

LiuYanJan, Jan 18 '23 01:01
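
An added example (not dst-admin's code and not from the issue author) that contrasts the `/bin/sh -c` pattern quoted above with a call that passes each value as its own argv element after an allow-list check. The class `SafeExecDemo`, the helpers `runViaShell` and `runArgv`, the `SAFE_ARG` pattern and the sample input are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class SafeExecDemo {
    // Assumed allow-list for a player name or broadcast text; tune it to the real field.
    private static final Pattern SAFE_ARG = Pattern.compile("[A-Za-z0-9 _.,!?-]{1,128}");

    /** Pattern from the issue: the whole string is parsed by /bin/sh. */
    static String runViaShell(String shell) throws IOException, InterruptedException {
        return run(List.of("/bin/sh", "-c", shell));
    }

    /** Hardened form: fixed program, each value is one argv element, no shell involved. */
    static String runArgv(String program, String... args) throws IOException, InterruptedException {
        List<String> argv = new ArrayList<>();
        argv.add(program);
        for (String a : args) {
            if (!SAFE_ARG.matcher(a).matches()) {
                throw new IllegalArgumentException("rejected argument");
            }
            argv.add(a);
        }
        return run(argv);
    }

    private static String run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        p.waitFor();
        return out.trim();
    }

    public static void main(String[] args) throws Exception {
        String input = "hello; echo INJECTED"; // constructed sample input
        // Shell form: ';' ends the first command, so a second command runs.
        System.out.println("[sh -c] " + runViaShell("echo " + input).replace("\n", " | "));
        // argv form: the same value fails the allow-list and never reaches a process.
        try {
            runArgv("/bin/echo", input);
        } catch (IllegalArgumentException e) {
            System.out.println("[argv]  " + e.getMessage());
        }
        System.out.println("[argv]  " + runArgv("/bin/echo", "hello everyone"));
    }
}
```

Dropping the shell only removes shell parsing; if the value is later interpreted by another program, the allow-list has to reflect that program's syntax as well.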