Skip to content

Develop 047 #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
paa93 wants to merge 6 commits into
base: develop-047
Choose a base branch
from
Open

Develop 047 #29

paa93 wants to merge 6 commits into from

Conversation

@paa93
Copy link

@paa93 paa93 commented Apr 15, 2016

Critical security patch, when the panel fails to connect to a running screen session (i.e if a game server crashed) this will kill the page and go back to home rather than giving the user full access to the bash shell.

paa93 and others added 6 commits April 15, 2016 12:02
@paa93
security: validate screen session before proceed
8880793 
Validate the connection to the screen session, if it fails we simply kill the page and return to home instead of giving the user full shell access to whatever user is logged in over ssh.
@paa93
security: validate screen session before proceed
f6728cf 
This will kill the SSH shell if it fails to connect to screen
@paa93
security: validate screen session before proceed
2badf75 
This will kill the SSH shell if it fails to connect to screen
@paa93
security: escape user input to avoid shell access
fa92dfe 
This is a critical vulnerability, assume a user enter this: '"; rm -rf #' and bam, the entire file system for the ssh user is deleted. If it's root then the entire server is removed.
@paa93
security: escape all shell commands modifieable by users
94dc964 
Simply sending a command like: "; mkdir hello_world # into rcon tool
could bypass the screen and create a folder in the shell if shell
commands aren't escaped properly.
@paa93
update: moving to mysqli
4d8ce7b 
php mysql is deprecated and needs to be replaced in order to work in the
future.
elsalamus
elsalamus approved these changes Sep 10, 2020
View reviewed changes
Copy link

@elsalamus elsalamus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@elsalamus elsalamus elsalamus approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paa93 @elsalamus