New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Command injection vulnerability（命令注入漏洞，可以获取服务器权限） #704

Closed

Rvn0xsy opened this issue Sep 22, 2022 · 0 comments

Rvn0xsy commented Sep 22, 2022

trojan/util/linux.go

Lines 97 to 100 in c5fafe2

    
           // LogChan 指定服务实时日志, 返回chan 
        
           func LogChan(serviceName, param string, closeChan chan byte) (chan string, error) { 
        
           	cmd := exec.Command("bash", "-c", fmt.Sprintf("journalctl -f -u %s -o cat %s", serviceName, param))

LogChan 函数没有过滤param参数的输入，可以执行操作系统命令。

The LogChan function does not filter the input of the param parameter and can execute operating system commands.

Jrohy closed this as completed in

f6b9d3b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment