<html>
<body>
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$name = $_POST['name'];
echo "Doing ``"."useradd $username -p '$password' "."'' as ".get_current_user()."..<br/>";
passthru("/usr/bin/sudo /usr/bin/sbin/useradd $username -p '$password'" );
echo "finished ok<br>";
?>
<p>
<a href="index.html">Go back and try again</a>
</body>
</html>
I strongly suggest sanitizing the input ($_POST[]) before using it, even more so in your case, where you execute a shell command with it.

I can exploit that in a few moments: set username to "; newcommand here to pwn your box" or " || other command". YOU NEED to sanitize the values prior to running this. Use strpos and check for possible exploits.

$return_var
parameter to see what sudo returns to you. – Quentin Pradet Mar 2 '12 at 20:36
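
A hardened form of the handler from the question, as an added example that is not part of the original question or of any answer above. It validates the username against an allowlist, quotes every argument with escapeshellarg(), hashes the password (useradd -p expects a crypt(3) hash, not plaintext) and reads sudo's exit status through passthru()'s second parameter. The useradd path, the username pattern and the function names are assumptions.

```php
<?php
// Added example: hardened variant of the handler under review.
// Assumptions: the useradd path and the username policy are illustrative.

const USERADD = '/usr/sbin/useradd'; // assumed path, adjust to the system

/** Return the username if it matches a strict allowlist, else null. */
function valid_username(string $raw): ?string
{
    // Lowercase letter or underscore first, then up to 31 of [a-z0-9_-].
    // Rejects spaces, quotes, ';', '|', '&', '$' and a leading '-'
    // (which useradd would otherwise parse as an option).
    return preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $raw) === 1 ? $raw : null;
}

/** Build the command line with every argument quoted for the shell. */
function build_useradd_command(string $username, string $password): string
{
    // useradd -p takes an already-hashed password; use SHA-512 crypt.
    $hash = crypt($password, '$6$' . bin2hex(random_bytes(8)) . '$');
    return sprintf(
        '/usr/bin/sudo %s -p %s %s',
        escapeshellarg(USERADD),
        escapeshellarg($hash),      // the hash contains '$', so it must be quoted
        escapeshellarg($username)
    );
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = valid_username((string)($_POST['username'] ?? ''));
    $password = (string)($_POST['password'] ?? '');

    if ($username === null || $password === '') {
        http_response_code(400);
        exit('Invalid username or password.');
    }

    // The second argument receives the exit status of the sudo/useradd call.
    passthru(build_useradd_command($username, $password), $status);

    // Escape anything echoed back into the HTML response.
    echo htmlspecialchars("useradd for $username exited with status $status"), '<br>';
}
```

The allowlist is the primary control and escapeshellarg() the second layer; the sudoers rule for the web server account should permit only this one useradd binary.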