#21 Unauthenticated remote root code execution

Changed from os.system to subprocess that escapes username automatically
Internet-of-People · Jan 14, 2018 · 9b78051 · 9b78051
1 parent 8ecb42f
commit 9b78051
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/vuedj/configtitania/views.py b/vuedj/configtitania/views.py
@@ -12,7 +12,7 @@
 from .models import BoxDetails, RegisteredServices
 from .serializers import BoxDetailsSerializer, RegisteredServicesSerializer
 
-import common, sqlite3, subprocess, NetworkManager, os, crypt, pwd, getpass, spwd 
+import common, sqlite3, subprocess, NetworkManager, crypt, pwd, getpass, spwd
 
 # fetch network AP details
 nm = NetworkManager.NetworkManager
@@ -61,7 +61,8 @@ def get_allAPs():
 
 def add_user(username, password):
     encPass = crypt.crypt(password,"22")
-    os.system("useradd -G docker,wheel -p "+encPass+" "+username)
+    #subprocess escapes the username stopping code injection
+    subprocess.call(['useradd','-G','docker,wheel','-p',encPass,username])
 
 def add_newWifiConn(wifiname, wifipass):
     print(wlans)