Remote Code Execution Nightmare #2

Closed
PMLavigne opened this Issue Feb 5, 2016 · 1 comment

@PMLavigne

Hey,

index.php is writing un-sanitized data directly to a PHP file and executing it:

    <div align="center">
        '.$_POST['content'].'
    </div>

That's incredibly dangerous and bad, and you should probably take down pulverize.xyz immediately until that's resolved.

@maxisme

maxisme Feb 5, 2016

Owner

Thank you so much for letting us know! I have updated accordingly. https://github.com/maxisme/pulverize/blob/master/index.php#L64

@maxisme maxisme closed this Feb 9, 2016
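
The pattern reported in this issue next to one way to avoid it, as an added example that is not part of the thread and not the project's actual fix. The function names (`store_note_unsafe`, `store_note`, `render_note`), the `.txt` storage scheme and the size limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern from the report (kept for contrast, never called here):
// request data is concatenated into a page and saved as an executable .php file.
function store_note_unsafe(string $dir, string $id, string $content): void
{
    $page = '<div align="center">' . $content . '</div>';
    file_put_contents("$dir/$id.php", $page); // PHP tags inside $content run on request
}

// Hardened: the submission is stored as inert data under a server-generated name.
// $dataDir is assumed to live outside the web root.
function store_note(string $dataDir, string $content): string
{
    if (strlen($content) > 65536) {             // hypothetical size limit
        throw new InvalidArgumentException('content too large');
    }
    $id = bin2hex(random_bytes(16));            // never derived from user input
    $path = $dataDir . '/' . $id . '.txt';      // extension the server does not execute
    if (file_put_contents($path, $content, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
    return $id;
}

// Rendering uses a fixed template; stored text is only ever emitted HTML-escaped.
function render_note(string $dataDir, string $id): string
{
    if (preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {  // rejects path traversal
        throw new InvalidArgumentException('bad id');
    }
    $raw = @file_get_contents($dataDir . '/' . $id . '.txt');
    if ($raw === false) {
        throw new RuntimeException('not found');
    }
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div align="center">' . $safe . '</div>';
}

// Constructed sample input: PHP and HTML markup arrive as text and stay text.
$dataDir = sys_get_temp_dir() . '/notes_' . bin2hex(random_bytes(4));
mkdir($dataDir, 0700);
$id = store_note($dataDir, '<?php echo "x"; ?><script>alert(1)</script>');
echo render_note($dataDir, $id), PHP_EOL;
```

Run from the CLI, the script prints the `div` with the submitted markup escaped to entities, and the stored file is never included or evaluated.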
