Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

parameters need filtering #781

Closed
gsocgsoc opened this issue Apr 20, 2016 · 1 comment
Closed

parameters need filtering #781

gsocgsoc opened this issue Apr 20, 2016 · 1 comment
Labels
bug
Milestone
v2.3.0

Comments

@gsocgsoc
Copy link

gsocgsoc commented Apr 20, 2016
edited
Loading

Hi,

The paramenter wxh needs some sanitation before being used by opentsdb.

See example url:

http://opentsdb.com:4242/q?start=2016/04/13-10:21:00&ignore=2&m=sum:jmxdata.cpu&o=&yrange=[0:]&key=out%20right%20top&wxh=1900x770%60id%60&style=linespoint&png

Results in RCE unfortunately

More parameters:

  • wxh
  • start
  • m
  • o
  • key
  • style

Payload:
%60id%60

Regards
@johann8384 johann8384 changed the title Paraments need filtering parameters need filtering Apr 20, 2016
@gsocgsoc
Copy link
Author

mygnuplot.sh

#!/bin/sh
# Because !@#$%^ Java can't fucking do this without a bazillion lines of codes.
set -e
stdout=$1
shift
stderr=$1
shift
exec nice gnuplot "$@" >"$stdout" 2>"$stderr"

mygnuplot.bat

set -e
stdout=$1
shift
stderr=$1
shift
gnuplot %1 2>&1

@manolama manolama added the bug label May 1, 2016
@gsocgsoc gsocgsoc mentioned this issue May 12, 2016
Closed
@johann8384 johann8384 added this to the v2.3.0 milestone May 24, 2016
johann8384 added a commit to johann8384/opentsdb that referenced this issue Jul 6, 2016
@johann8384
Made HTTP Request method checking consistent, fixes a few cases where…
85047ea 
… behavior is unexpected.

Simplified loading of internal RPC Handlers
Stop Sending BAD_REQUEST response as a PNG, allowed random code execution!

Fixes OpenTSDB#793
Fixes OpenTSDB#781
Fixes OpenTSDB#831
Fixes OpenTSDB#830
@johann8384 johann8384 mentioned this issue Jul 6, 2016
Closed
johann8384 added a commit to johann8384/opentsdb that referenced this issue Sep 19, 2016
@johann8384
This is the fix for OpenTSDB#793 and 3781
6bba88c 
Fixes OpenTSDB#781
Fixes OpenTSDB#793
@johann8384 johann8384 mentioned this issue Sep 19, 2016
Merged
johann8384 added a commit to johann8384/opentsdb that referenced this issue Dec 5, 2016
@johann8384
This is the fix for OpenTSDB#793 and 3781
3e92bdf 
Fixes OpenTSDB#781
Fixes OpenTSDB#793
@gsocgsoc gsocgsoc mentioned this issue Mar 20, 2017
Closed
@gsocgsoc gsocgsoc mentioned this issue Jun 12, 2017
Open
johann8384 added a commit to johann8384/opentsdb that referenced this issue Oct 26, 2020
@johann8384
Made HTTP Request method checking consistent, fixes a few cases where…
c04c288 
… behavior is unexpected.

Simplified loading of internal RPC Handlers
Stop Sending BAD_REQUEST response as a PNG, allowed random code execution!

Fixes OpenTSDB#793
Fixes OpenTSDB#781
Fixes OpenTSDB#831
Fixes OpenTSDB#830
johann8384 added a commit to johann8384/opentsdb that referenced this issue Oct 26, 2020
@johann8384
Fixes for OpenTSDB#831, OpenTSDB#830, OpenTSDB#781, OpenTSDB#793
2117e32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
v2.3.0
Development

No branches or pull requests
3 participants
@johann8384 @manolama @gsocgsoc