tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-25 10:57:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

login: Fix XSS issue if "Debug Userlogin" is enabled.

Browse Source 
The username field was vulnerable against XSS attacks.
However this only affected POST data, so creating a URL with Querystring
for a XSS attack would not work.
This commit is contained in:
Andre Lorbach 2021-04-22 09:39:59 +02:00
parent 32d6b3fa2a
commit 28ae0b9ef4
3 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,4 +1,10 @@
---------------------------------------------------------------------------
Version 4.1.12 (stable), 2021-04-29
---------------------------------------------------------------------------
- Secured username field against XSS attacks, thanks for reporting to:
Michael Strametz of SySS Cyber Security GmbH (Austria).
- UserDB: Allow NULL value for defaultfilter fields, updated to v13
---------------------------------------------------------------------------
Version 4.1.11 (stable), 2020-07-09
- ThirdParty: Updated jpgraph to 4.3.1 (2020-04-24)
- Thanks to Javier Pastor for the following fixes and changes:

2
src/include/functions_users.php
View File

@ -283,7 +283,7 @@ function CheckUserLogin( $username, $password )
}
*/
if ( GetConfigSetting("DebugUserLogin", 0) == 1 )
DieWithFriendlyErrorMsg( "Debug Error: Could not find user '" . $username . "' <br><br><B>Sessionarray</B> <pre>" . var_export($_SESSION, true) . "</pre>");
DieWithFriendlyErrorMsg( "Debug Error: Could not find user '" . htmlspecialchars($username) . "' <br><br><B>Sessionarray</B> <pre>" . var_export($_SESSION, true) . "</pre>");
// Default return false
return false;

24
src/login.php
View File

@ -65,8 +65,7 @@ else
$szRedir = "index.php"; // Default
$szRedir = SecureRedirect($szRedir);
if ( isset($_POST['op']) && $_POST['op'] == "login" )
{
if ( isset($_POST['op']) && $_POST['op'] == "login" ) {
// Perform login!
if ( $_POST['op'] == "login" )
{
@ -74,29 +73,24 @@ if ( isset($_POST['op']) && $_POST['op'] == "login" )
(isset($_POST['uname']) && strlen($_POST['uname']) > 0)
&&
(isset($_POST['pass']) && strlen($_POST['pass']) > 0)
)
{
// Set Username and password
$content['uname'] = DB_RemoveBadChars($_POST['uname']);
$content['pass'] = $_POST['pass']; // RAW Copy of password string, otherwise passwords with special characters can be broken.
) {
// Copy Username and password for template system
$content['uname'] = htmlspecialchars(DB_RemoveBadChars($_POST['uname'])); // URL Decode the username to avoid XSS issues!
$content['pass'] = htmlspecialchars($_POST['pass']); // RAW Copy of password string, otherwise passwords with special characters can be broken.
if ( !CheckUserLogin( $content['uname'], $content['pass']) )
{
// Use raw properties for database login check
if ( !CheckUserLogin( DB_RemoveBadChars($_POST['uname']), $_POST['pass']) ) {
$content['ISERROR'] = "true";
$content['ERROR_MSG'] = $content['LN_LOGIN_ERRWRONGPASSWORD'];
}
else
RedirectPage( urldecode($szRedir) );
}
else
{
} else {
$content['ISERROR'] = "true";
$content['ERROR_MSG'] = $content['LN_LOGIN_USERPASSMISSING'];
}
}
}
else if ( isset($_GET['op']) && $_GET['op'] == "logoff" )
{
} else if ( isset($_GET['op']) && $_GET['op'] == "logoff" ) {
// logoff in this case
DoLogOff();
}