
Commit 06c0ab2

committed
Fix another vulnerability reported by cPanel Security Team (can execute
arbitrary code)
1 parent 36ea0f9 commit 06c0ab2


1 file changed

+9
-5
lines changed


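--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -17145,7 +17145,6 @@ sub HTMLMainExtra{
 
 if ( $QueryString =~ /config=([^&]+)/i ) {
 $SiteConfig = &Sanitize("$1");
-$SiteConfig =~ s/\.\.//g; # Avoid directory transversal
 }
 if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
 if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17191,10 +17190,13 @@ sub HTMLMainExtra{
 # If migrate
 if ( $QueryString =~ /(^|-|&|&)migrate=([^&]+)/i ) {
 $MigrateStats = &Sanitize("$2");
+
 $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
-$SiteConfig = $5 ? $5 : 'xxx';
+$SiteConfig = &Sanitize($5 ? $5 : 'xxx');
 $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
 }
+
+$SiteConfig =~ s/\.\.//g; # Avoid directory transversal
 }
 else { # Run from command line
 $DebugMessages = 1;
@@ -17204,9 +17206,10 @@ sub HTMLMainExtra{
 
 # If migrate
 if ( $ARGV[$_] =~ /(^|-|&|&)migrate=([^&]+)/i ) {
-$MigrateStats = "$2";
+$MigrateStats = &Sanitize("$2");
+
 $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
-$SiteConfig = $5 ? $5 : 'xxx';
+$SiteConfig = &Sanitize($5 ? $5 : 'xxx');
 $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
 next;
 }
@@ -17235,7 +17238,6 @@ sub HTMLMainExtra{
 
 if ( $QueryString =~ /config=([^&]+)/i ) {
 $SiteConfig = &Sanitize("$1");
-$SiteConfig =~ s/\.\.//g;
 }
 if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
 if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17301,6 +17303,8 @@ sub HTMLMainExtra{
 $ShowDirectOrigin = 1;
 $QueryString =~ s/showdirectorigin[^&]*//i;
 }
+
+$SiteConfig =~ s/\.\.//g;
 }
 if ( $QueryString =~ /(^|&|&)staticlinks/i ) {
 $StaticLinks = "$PROG.$SiteConfig";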
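Review bot: The migrate pattern match at new line 17194 in the second hunk (and 17211 in the third) is evaluated without checking whether it succeeded, so the `$5` that the new `&Sanitize($5 ? $5 : 'xxx')` reads on the next line is only meaningful when that match actually matched; when it does not, Perl leaves `$5` holding whatever the previous successful match in scope set, and the 'xxx' fallback cannot be relied on. Making the test explicit removes the dependence on stale captures: `if ( $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/ ) { $SiteConfig = &Sanitize($5 ? $5 : 'xxx'); }` followed by `else { $SiteConfig = 'xxx'; }`. The `s/\.\.//g` added at 17199 and 17307 silently rewrites a config name containing `..` instead of refusing it; if `&Sanitize` (not in view here) does not already restrict `$SiteConfig` to an allow-list of characters, rejecting such a value with an error would be the clearer outcome, and the move of the strip to after the migrate block deserves a comment such as `# Strip after the migrate block so a name derived from migrate= is treated like one from config=`. The enclosing block, which the hunk context labels `sub HTMLMainExtra{`, starts and ends outside these hunks.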
