<html>
<body>
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$name = $_POST['name'];
echo "Doing ``"."useradd $username -p '$password' "."'' as ".get_current_user()."..<br/>";
passthru("/usr/bin/sudo /usr/bin/sbin/useradd $username -p '$password'" );
echo "finished ok<br>";
?>
<p>
<a href="index.html">Go back and try again</a>
</body>
</html>
Take the 2-minute tour
×
Code Review Stack Exchange is a question and answer site for peer programmer code reviews. It's 100% free, no registration required.
|
|
|||
| add comment |
closed as unclear what you're asking by Jamal♦ Nov 21 '13 at 6:52
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question.If this question can be reworded to fit the rules in the help center, please edit the question.
|
I strongly suggest to sanitize the input ($_POST[]) before using. Even more in your case that you execute shell command with it. |
|||
|
|
|
I can exploit that in a few moments: Set username to "; newcommand here to pwn your box" or " || other command" YOU NEED to sanitize the values prior to running this. Using strpos and check for possible exploits. |
|||
|
|
$return_varparameter to see what sudo returns to you. – Quentin Pradet Mar 2 '12 at 20:36