Permalink
Browse files

Fix another vulnerability reported by cPanel Security Team (can execute

arbitraty code)
  • Loading branch information...
eldy committed Dec 27, 2017
1 parent 36ea0f9 commit 06c0ab29c1e5059d9e0279c6b64d573d619e1651
Showing with 9 additions and 5 deletions.
  1. +9 −5 wwwroot/cgi-bin/awstats.pl
View
@@ -17145,7 +17145,6 @@ sub HTMLMainExtra{
if ( $QueryString =~ /config=([^&]+)/i ) {
$SiteConfig = &Sanitize("$1");
$SiteConfig =~ s/\.\.//g; # Avoid directory transversal
}
if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17191,10 +17190,13 @@ sub HTMLMainExtra{
# If migrate
if ( $QueryString =~ /(^|-|&|&)migrate=([^&]+)/i ) {
$MigrateStats = &Sanitize("$2");
$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
$SiteConfig = $5 ? $5 : 'xxx';
$SiteConfig = &Sanitize($5 ? $5 : 'xxx');
$SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
}
$SiteConfig =~ s/\.\.//g; # Avoid directory transversal
}
else { # Run from command line
$DebugMessages = 1;
@@ -17204,9 +17206,10 @@ sub HTMLMainExtra{
# If migrate
if ( $ARGV[$_] =~ /(^|-|&|&)migrate=([^&]+)/i ) {
$MigrateStats = "$2";
$MigrateStats = &Sanitize("$2");
$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
$SiteConfig = $5 ? $5 : 'xxx';
$SiteConfig = &Sanitize($5 ? $5 : 'xxx');
$SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
next;
}
@@ -17235,7 +17238,6 @@ sub HTMLMainExtra{
if ( $QueryString =~ /config=([^&]+)/i ) {
$SiteConfig = &Sanitize("$1");
$SiteConfig =~ s/\.\.//g;
}
if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17301,6 +17303,8 @@ sub HTMLMainExtra{
$ShowDirectOrigin = 1;
$QueryString =~ s/showdirectorigin[^&]*//i;
}
$SiteConfig =~ s/\.\.//g;
}
if ( $QueryString =~ /(^|&|&)staticlinks/i ) {
$StaticLinks = "$PROG.$SiteConfig";

0 comments on commit 06c0ab2

Please sign in to comment.