Insecure connection could allow RCE #9
Assignees
Labels
enhancement
New feature or request
Comments
|
Yes, but this is local server no one can access other than you, but if you will give your phone then it may be insecure. Or if you have any suggestions for this , you can provide. i will happy to see. |
bajrangCoder
added
enhancement
|
If the server is on when we're surfing the web... Then a evil (?) page surely knows your one of your IP as 127.0.0.1, and he cound connect to it easily by start a WebSocket and grab a shell of your phone... Port could be scanned, too. Some authentication is needed. |
|
Ok , In next update I will add authentication system |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If the server is installed on Termux, then it seems as though anyone could, knowing your IP address, easily connect to the websocket unauthenticated and have RCE through Termux, which is especially bad if your phone is rooted.
The text was updated successfully, but these errors were encountered: