Merge pull request #9 from krissss/8-remote-code-execution-rce-via-line-parameter-in-tail-function

krissss · web-flow · commit 7e166948a3f8 · 2025-02-05T15:26:01.000+08:00
fix: RCE
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+.idea
+composer.lock
+vendor
diff --git a/composer.json b/composer.json
@@ -17,5 +17,16 @@
         "psr-4": {
             "kriss\\logReader\\": "src"
         }
+    },
+    "repositories": [
+        {
+            "type": "composer",
+            "url": "https://asset-packagist.org"
+        }
+    ],
+    "config": {
+        "allow-plugins": {
+            "yiisoft/yii2-composer": true
+        }
     }
 }
diff --git a/src/controllers/DefaultController.php b/src/controllers/DefaultController.php
@@ -160,6 +160,7 @@ public function actionDownload($slug, $stamp = null)
     public function actionTail($slug, $line = 100, $stamp = null)
     {
         $log = $this->find($slug, $stamp);
+        $line = intval($line);
         if ($log->isExist) {
             $result = shell_exec("tail -n {$line} {$log->fileName}");
 

Original file line number	Diff line number	Diff line change
`@@ -17,5 +17,16 @@`
`17`	`17`	`"psr-4": {`
`18`	`18`	`"kriss\\logReader\\": "src"`
`19`	`19`	`}`
	`20`	`+ },`
	`21`	`+ "repositories": [`
	`22`	`+ {`
	`23`	`+ "type": "composer",`
	`24`	`+ "url": "https://asset-packagist.org"`
	`25`	`+ }`
	`26`	`+ ],`
	`27`	`+ "config": {`
	`28`	`+ "allow-plugins": {`
	`29`	`+ "yiisoft/yii2-composer": true`
	`30`	`+ }`
`20`	`31`	`}`
`21`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -160,6 +160,7 @@ public function actionDownload($slug, $stamp = null)`
`160`	`160`	`public function actionTail($slug, $line = 100, $stamp = null)`
`161`	`161`	`{`
`162`	`162`	`$log = $this->find($slug, $stamp);`
	`163`	`+ $line = intval($line);`
`163`	`164`	`if ($log->isExist) {`
`164`	`165`	`$result = shell_exec("tail -n {$line} {$log->fileName}");`
`165`	`166`