
Fix remote code execution #1

Open 0x27 opened this issue 10 years ago • 0 comments

Passing unsanitized user input into the shell_exec function leads to remote code execution.

In this instance, to execute the id command, one would send a request such as the following:

GET /tilt.php?position=;id

Checking history, a similar issue was previously reported.

A similar issue also exists in this file; however, I am leaving fixing that as a learning exercise for you.

0x27, Oct 08 '15 22:10
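The pattern described in the issue and one way to harden it, as an added example that is not the camera-pi project's code or the fix submitted here. The helper path, the 0-180 range and the function names are assumptions; only `tilt.php`, `position` and `shell_exec` come from the page.

```php
<?php
// Added illustration, not the project's code.
// ASSUMPTIONS: helper path, tilt range and function names are hypothetical.
const SERVO_HELPER = '/usr/local/bin/set-tilt'; // hypothetical helper binary
const TILT_MIN = 0;                             // assumed valid range
const TILT_MAX = 180;

// Pattern the issue describes: request input concatenated into the string
// that shell_exec() hands to the shell, so shell metacharacters are honoured.
function build_command_unsafe($position)
{
    return SERVO_HELPER . ' ' . $position;
}

// Hardened form: allow-list first (a whole number inside the range),
// then quote the value anyway as a second layer.
function build_command_safe($position)
{
    if (!is_string($position)) {
        return null; // e.g. position[]=1 arrives as an array
    }
    $value = filter_var($position, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => TILT_MIN, 'max_range' => TILT_MAX],
    ]);
    if ($value === false) {
        return null; // caller should answer 400 and never reach shell_exec()
    }
    return SERVO_HELPER . ' ' . escapeshellarg((string) $value);
}

// Constructed sample inputs; ';id' is the value from the request above.
// Nothing is executed here, the script only prints the command strings.
$samples = ['90', ';id', '90;id', '$(id)', '-1', '181', ['1']];
foreach ($samples as $input) {
    $label = is_array($input) ? 'array' : var_export($input, true);
    $safe  = build_command_safe($input);
    printf("%-8s safe:   %s\n", $label, $safe ?? 'rejected');
    if (is_string($input)) {
        printf("%-8s unsafe: %s\n", '', build_command_unsafe($input));
    }
}
```

In the request handler, `shell_exec()` would be called only when `build_command_safe($_GET['position'] ?? null)` returns a string.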