From 5affad5cdcb6597c9847b1b3ba36e08075a4e904 Mon Sep 17 00:00:00 2001 From: slerena Date: Mon, 8 Oct 2007 15:29:38 +0000 Subject: [PATCH] 2007-10-03 Sancho Lerena * Security fix has been included in ver_agente.php, using a new function to validate GET variables (checking for numeric data). This security isse was a SQL Blind URL Attack. This is described in mailing list with more depth, including the patch. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@670 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 4 ++++ pandora_console/include/functions.php | 22 +++++++++++++++++++ .../operation/agentes/ver_agente.php | 4 ++-- 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 230d9d5f45..65ee4d7031 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,5 +1,9 @@ 2007-10-03 Sancho Lerena + * Security fix has been included in ver_agente.php, using a new function to validate + GET variables (checking for numeric data). This security isse was a SQL Blind URL Attack. This + is described in mailing list with more depth, including the patch. + * include/functions_db.php: Insert_event is now capable to store events already validated. * operation/events/events.php: Adjusted column width. diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 8e751bc2ff..f785fa23da 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php 
@@ -414,6 +414,28 @@ function give_parameter_post ( $name, $default = "" ){ return $output; } +function give_parameter_get_numeric ( $name, $default = "-1" ){ + $output = $default; + if (isset ($_GET[$name])){ + $output = $_GET[$name]; + } + if (is_numeric($output)) + return $output; + else + return -1; +} + +function give_parameter_post_numeric ( $name, $default = "" ){ + $output = $default; + if (isset ($_POST[$name])){ + $output = $_POST[$name]; + } + if (is_numeric($output)) + return $output; + else + return -1; +} + function human_time_comparation ( $timestamp ){ global $lang_label; if ($timestamp != ""){ diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php index c1805ca86b..ba5a5d8d8c 100644 --- a/pandora_console/operation/agentes/ver_agente.php +++ b/pandora_console/operation/agentes/ver_agente.php @@ -25,8 +25,8 @@ require("include/config.php"); if (comprueba_login() == 0) { - if (isset($_GET["id_agente"])){ - $id_agente = $_GET["id_agente"]; + $id_agente = give_parameter_get_numeric("id_agente"); + if ($id_agente != -1){ // get group for this id_agente $query="SELECT * FROM tagente WHERE id_agente = ".$id_agente; $res=mysql_query($query);
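Review bot: `give_parameter_get_numeric` hands the raw request string back to the caller once `is_numeric()` accepts it, and `is_numeric()` also accepts exponent notation, leading whitespace and, on the PHP 5 releases this code targets, hex-style strings, so callers that concatenate the result into SQL get a string rather than a canonical integer; none of those forms can break out of an unquoted integer literal, but the helper is a much stronger boundary if it normalizes the value: `return is_numeric($output) ? intval($output) : -1;` (same line in `give_parameter_post_numeric`). The two helpers also disagree on their defaults: `give_parameter_post_numeric` defaults `$default` to `""`, which never passes `is_numeric()`, so a missing POST variable always collapses to the `-1` sentinel and the parameter is effectively dead unless the caller supplies a numeric default; aligning it with the GET variant's `"-1"` makes the default meaningful. Both definitions deserve a comment stating the sentinel contract, e.g. `// Returns -1 when the variable is missing or not numeric; callers for which -1 is a legitimate value must not use this helper.` `human_time_comparation` starts inside the hunk but its body continues past the hunk's end.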
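Review bot: The query on the last hunk line still builds its SQL by concatenating `$id_agente`, relying entirely on the `is_numeric()` check inside `give_parameter_get_numeric` to keep the literal safe; because that helper returns the original string, the call site should cast at the point of use so the SQL literal is a canonical integer regardless of how the helper evolves: `$query="SELECT * FROM tagente WHERE id_agente = ".intval($id_agente);`. The guard `if ($id_agente != -1)` is a loose comparison against the helper's failure sentinel and also rejects a genuine `-1`; a short comment such as `// -1 means id_agente was missing or not numeric` would make that contract explicit where it is consumed. Before this change the block ran whenever `id_agente` was set, so a non-numeric value now silently skips it and whatever follows the block, which lies outside the hunk, should be confirmed to degrade cleanly. The enclosing `if (comprueba_login() == 0)` block continues past the end of the hunk.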