064e997373
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
From 06c0ab29c1e5059d9e0279c6b64d573d619e1651 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 27 Dec 2017 13:39:57 +0100
Subject: [PATCH] Fix another vulnerability reported by cPanel Security Team
(can execute arbitrary code)
---
wwwroot/cgi-bin/awstats.pl | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
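diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index fca4900f..4f14c6ee 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -17145,7 +17145,6 @@ if ( $ENV{'GATEWAY_INTERFACE'} ) { # Run from a browser as CGI
 
 if ( $QueryString =~ /config=([^&]+)/i ) {
 $SiteConfig = &Sanitize("$1");
-$SiteConfig =~ s/\.\.//g; # Avoid directory transversal
 }
 if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
 if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17191,10 +17190,13 @@ if ( $ENV{'GATEWAY_INTERFACE'} ) { # Run from a browser as CGI
 # If migrate
 if ( $QueryString =~ /(^|-|&|&)migrate=([^&]+)/i ) {
 $MigrateStats = &Sanitize("$2");
+
 $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
-$SiteConfig = $5 ? $5 : 'xxx';
+$SiteConfig = &Sanitize($5 ? $5 : 'xxx');
 $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
 }
+
+$SiteConfig =~ s/\.\.//g; # Avoid directory transversal
 }
 else { # Run from command line
 $DebugMessages = 1;
@@ -17204,9 +17206,10 @@ else { # Run from command line
 
 # If migrate
 if ( $ARGV[$_] =~ /(^|-|&|&)migrate=([^&]+)/i ) {
-$MigrateStats = "$2";
+$MigrateStats = &Sanitize("$2");
+
 $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;
-$SiteConfig = $5 ? $5 : 'xxx';
+$SiteConfig = &Sanitize($5 ? $5 : 'xxx');
 $SiteConfig =~ s/^\.//; # SiteConfig is used to find config file
 next;
 }
@@ -17235,7 +17238,6 @@ else { # Run from command line
 
 if ( $QueryString =~ /config=([^&]+)/i ) {
 $SiteConfig = &Sanitize("$1");
-$SiteConfig =~ s/\.\.//g;
 }
 if ( $QueryString =~ /diricons=([^&]+)/i ) { $DirIcons = "$1"; }
 if ( $QueryString =~ /pluginmode=([^&]+)/i ) {
@@ -17301,6 +17303,8 @@ else { # Run from command line
 $ShowDirectOrigin = 1;
 $QueryString =~ s/showdirectorigin[^&]*//i;
 }
+
+$SiteConfig =~ s/\.\.//g;
 }
 if ( $QueryString =~ /(^|&|&)staticlinks/i ) {
 $StaticLinks = "$PROG.$SiteConfig";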
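Review bot: In the CGI migrate branch (second hunk) the new `$SiteConfig = &Sanitize($5 ? $5 : 'xxx');` reads `$5` without checking that the preceding `$MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt$/;` matched; Perl leaves the capture variables untouched on a failed match, so the assignment belongs inside the match's conditional, e.g. `if ( $MigrateStats =~ /^(.*)$PROG(\d{0,2})(\d\d)(\d\d\d\d)(.*)\.txt\z/ ) { $SiteConfig = &Sanitize($5); } else { $SiteConfig = 'xxx'; }`, and the same applies to the command-line branch in the third hunk. The relocated `s/\.\.//g` (second and fifth hunks) is a single-pass removal run once at the closing brace of each block, so it only protects uses of `$SiteConfig` after that point; if anything between the `config=`/`migrate=` parsing and the end of the block reads `$SiteConfig`, it still sees the unstripped value (those bodies lie outside the hunks). A positive allow-list on the final value — matching the characters a config name may legitimately contain and reassigning from the capture, rejecting otherwise — would be a more robust guard than stripping `..`, since whether `&Sanitize` itself excludes path separators is not visible here. Both enclosing blocks (`if ( $ENV{'GATEWAY_INTERFACE'} )` and its `else`) start outside the hunks.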
--
2.15.1