
Auth bypass vulnerability fix

INVENT 11 years ago
parent
commit
c0d5b3765a
1 changed files with 1 additions and 1 deletions
  1. 1 1
      web/api/index.php

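--- a/web/api/index.php
+++ b/web/api/index.php
@@ -17,7 +17,7 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
         exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'",  $output, $auth_code);
     } else {
         $key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
-        if (file_exists($key)) {
+        if (file_exists($key) && is_file($key)) {
             $auth_code = '0';
         }
     }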
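Review bot: The new condition `file_exists($key) && is_file($key)` still treats the mere existence of any regular file under `/usr/local/vesta/data/keys/` as proof of authentication, and `$_POST['hash']` reaches `basename()` without a type, emptiness or format check. Consider validating the value before building the path and dropping the redundant `file_exists()` call, since `is_file()` already returns false for missing paths: `if (is_string($_POST['hash']) && $_POST['hash'] !== '' && is_file($key)) {`. A short comment above the check, such as `// basename('') yields '', which resolves to the keys directory itself; require a regular file`, would record why the directory case must be rejected. The enclosing if/else begins outside the hunk, so how this branch is selected and how `$auth_code` is initialised cannot be confirmed from here.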