mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

plug shell injection hole in map.php (thanks to Scrye)

Browse Source 
git-svn-id: http://www.observium.org/svn/observer/trunk@1210 61d68cd4-352d-0410-923a-c4978735b2b8
This commit is contained in:
Tom Laermans
2010-06-18 17:29:02 +00:00
parent 033dd8524f
commit 36c276646a
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
html/map.php
View File

@@ -116,6 +116,15 @@ if (isset($_GET['format']) && preg_match("/^[a-z]*$/", $_GET['format']))
if ($_GET['debug'] == 1) { echo("<pre>$map</pre>");exit(); } if ($_GET['debug'] == 1) { echo("<pre>$map</pre>");exit(); }
switch ($_GET['format'])
{
case 'svg':
case 'png':
break;
case default:
$_GET['format'] = 'png';
}
$img = shell_exec("echo \"".addslashes($map)."\" | dot -T".$_GET['format'].""); $img = shell_exec("echo \"".addslashes($map)."\" | dot -T".$_GET['format']."");
if($_GET['format'] == "png") { if($_GET['format'] == "png") {
header("Content-type: image/".$_GET['format']); header("Content-type: image/".$_GET['format']);