From 5eb9f6adc95c36219c649fda9ec7fb2b539bb1bc Mon Sep 17 00:00:00 2001 From: NewEraCracker Date: Fri, 8 Jan 2016 16:04:17 +0000 Subject: Improve the output of exec.php ...And fix a possible XSS when executing PHP commands ...But we all know XSS is the least of concenrs here :P --- src/usr/local/www/exec.php | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) (limited to 'src/usr/local/www/exec.php') diff --git a/src/usr/local/www/exec.php b/src/usr/local/www/exec.php index 5264df4..6d6d386 100644 --- a/src/usr/local/www/exec.php +++ b/src/usr/local/www/exec.php @@ -226,17 +226,15 @@ if (!isBlank($_POST['txtCommand'])):?>

Shell Output -

- 
 &1', $output);
-	foreach ($output as $line) {
-		print(htmlspecialchars($line) . "\r\n");
-	}
+
+	$output = implode("\n", $output);
+	print("
" . htmlspecialchars($output) . "
");
 ?>
-
@@ -289,7 +287,7 @@ if (!isBlank($_POST['txtCommand'])):?> // This is intended to prevent bad code from breaking the GUI if (!isBlank($_POST['txtPHPCommand'])) { puts("
PHP response
"); - puts("
");
+
 		$tmpname = tempnam("/tmp", "");
 		$phpfile = fopen($tmpname, "w");
 		fwrite($phpfile, "
 		fwrite($phpfile, "?>\n");
 		fclose($phpfile);
 
+		$output = array();
 		exec("/usr/local/bin/php " . $tmpname, $output);
 
-		for ($i=0; $i < count($output); $i++) {
-			print($output[$i] . "\n");
-		}
-
 		unlink($tmpname);
 
+		$output = implode("\n", $output);
+		print("
" . htmlspecialchars($output) . "
");
+
 //		echo eval($_POST['txtPHPCommand']);
-		puts(" 
"); puts("
"); ?>