You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the value in that txt file, you can view the log:
http://[YourMuximux]/muximux.php?secret=XXXXX&action=log
Or you can write to the log. Not sure what the size limit is here. I guess someone could exploit it and fill up your server with garbage.
http://[YourMuximux]/muximux.php?secret=XXXXX&action=writeLog&msg=Blah
Cheers.
The text was updated successfully, but these errors were encountered:
While muximux doesn't contain perfect security by no means, this particular problem is a non-issue as far as I can tell. Can you show a proof of concept?
Also, we encourage all users to always secure their installation with Basic Auth or other means of securing it.
I tried doing what you wrote, but the log file is not written to in this scenario.
FWIW - I've already addressed this in the working codebase I've got local on my machine. Secret.txt is no longer, and the key is stored in the protected config file with other settings.
Just got a few more days on UI work, then I'll have these changes committed to the develop branch.
Hi,
I believe these URLs are open
http://[YourMuximux]/secret.txt
Using the value in that txt file, you can view the log:
http://[YourMuximux]/muximux.php?secret=XXXXX&action=log
Or you can write to the log. Not sure what the size limit is here. I guess someone could exploit it and fill up your server with garbage.
http://[YourMuximux]/muximux.php?secret=XXXXX&action=writeLog&msg=Blah
Cheers.
The text was updated successfully, but these errors were encountered: