2014-01-20 Miguel de Dios <miguel.dedios@artica.es>

* mobile/include/user.class.php,
	mobile/include/system.class.php: fixed SQL injection.
	
	Issue found by Lincoln, a member of Corelan Team




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@9344 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f

pandora_console/ChangeLog

@@ -1,3 +1,10 @@
+2014-01-20  Miguel de Dios <miguel.dedios@artica.es>
+	
+	* mobile/include/user.class.php,
+	mobile/include/system.class.php: fixed SQL injection.
+	
+	Issue found by Lincoln, a member of Corelan Team
+
 2014-01-17 Juan Manuel Ramon Vigo <juanmanuel.ramon@artica.es>
 
 	* godmode/reporting/reporting_builder.php: Fixed group filter in report

pandora_console/mobile/include/system.class.php

@@ -62,6 +62,18 @@ class System {
 		return $return;
 	}
 	
+	public function safeOutput($value) {
+		require_once($this->getConfig('homedir') . '/include/functions_io.php');
+		
+		return io_safe_output($value);
+	}
+	
+	public function safeInput($value) {
+		require_once($this->getConfig('homedir') . '/include/functions_io.php');
+		
+		return io_safe_input($value);
+	}
+	
 	public function getConfig($name, $default = null) {
 		if (!isset($this->config[$name])) {
 			return $default;

pandora_console/mobile/include/user.class.php

@@ -87,16 +87,19 @@ class User {
 		
 		if (($user == null) && ($password == null)) {
 			$user = $system->getRequest('user', null);
+			$user = $system->safeInput($user);
 			$password = $system->getRequest('password', null);
 		}
 		
 		if (!empty($user) && !empty($password)) {
 			if (process_user_login($user, $password) !== false) {
+				
 				$this->logged = true;
 				$this->user = $user;
 				$this->errorLogin = false;
 			}
 			else {
+				
 				$this->logged = false;
 				$this->errorLogin = true;
 			}