Security issues #158
Labels
Comments
|
Shows an empty page for me. |
|
Hey! While muximux doesn't contain perfect security by no means, this particular problem is a non-issue as far as I can tell. Can you show a proof of concept? I tried doing what you wrote, but the log file is not written to in this scenario. Thanks for your report nevertheless. |
|
FWIW - I've already addressed this in the working codebase I've got local on my machine. Secret.txt is no longer, and the key is stored in the protected config file with other settings. Just got a few more days on UI work, then I'll have these changes committed to the develop branch. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I believe these URLs are open
http://[YourMuximux]/secret.txt
Using the value in that txt file, you can view the log:
http://[YourMuximux]/muximux.php?secret=XXXXX&action=log
Or you can write to the log. Not sure what the size limit is here. I guess someone could exploit it and fill up your server with garbage.
http://[YourMuximux]/muximux.php?secret=XXXXX&action=writeLog&msg=Blah
Cheers.
The text was updated successfully, but these errors were encountered: