Hansmach1ne security fixes (#583)
* Update CareersUI.php

* SQL injection vulnerability fix in $entriesPerPage

* Sanitize parameters against XSS attacks

This commit fixes three XSS vulnerabilities.

1) 'indexFile' parameter
/ajax.php?f=getPipelineJobOrder&joborderID=1&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=15)"></a><script>alert`xss`</script>&isPopup=0

2) 'entriesPerPage' parameter
/ajax.php?f=getPipelineJobOrder&joborderID=2&page=0&entriesPerPage=15)"></a> <script>alert`xss`</script>&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0

3) 'joborderID' parameter
/ajax.php?f=getPipelineJobOrder&joborderID=1)"></a> <script>alert`xss`</script>&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0

* Fix for two XSS vulnerabilities in toolbar

This commit will fix two XSS vulnerabilities in toolbar module functionality.

1) GET parameter 'callback'.
/index.php?m=toolbar&callback=<script>alert`xss`</script>&a=authenticate

2) GET parameter 'email'
/index.php?m=toolbar&callback=<script>alert`xss`</script>&a=checkEmailIsInSystem&email=<script>alert(document.domain)</script>

* RCE vulnerability fix via insecure deserialization

* Fix SQL injection vulnerability in Tag deletion

* FIX SQL injection vulnerability in Imports module

Co-authored-by: Mateo <57464251+hansmach1ne@users.noreply.github.com>
RussH and hansmach1ne committed Dec 6, 2022
1 parent 37da2c6 commit df7e373
Showing 2 changed files with 4 additions and 3 deletions.
3 changes: 2 additions & 1 deletion lib/Tags.php
Expand Up @@ -94,7 +94,8 @@ public function delete($tagID)
(tag_id = %s OR tag_parent_id = %s)
AND
site_id = %s",
$tagID, $tagID,
$this->_db->makeQueryString($tagID),
$this->_db->makeQueryString($tagID),
$this->_siteID
);
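
Review bot: In delete($tagID), the unquoted placeholders in `(tag_id = %s OR tag_parent_id = %s)` are now safe only if makeQueryString() both escapes the value and wraps it in quotes; its definition is not part of this diff, so that should be confirmed or stated in a comment. Since $tagID is an ID, I would also validate it as an integer at the top of the method (reject anything non-numeric, or cast with (int)) so the query never depends on string escaping at all. $this->_siteID still goes into `site_id = %s` unescaped, which is fine only if it can never be influenced by the request.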

4 changes: 2 additions & 2 deletions modules/import/Import.php
Expand Up @@ -122,7 +122,7 @@ public function delete($importID)
import_id = %s
AND
site_id = %s",
$importID,
$this->_db->makeQueryString($importID),
$this->_siteID
);
$queryResult = $this->_db->query($sql);
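
Review bot: The fix covers only the `import_id = %s` sink in delete($importID); add($dataNamed, $userID, $importID) further down the same file also receives $importID and its body is not touched by this change, so its queries deserve the same check. As with the tag ID, an integer validation of $importID before building $sql would be a stronger guard than string escaping alone, and a regression test that passes a non-numeric $importID would keep this from reopening.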
Expand Down Expand Up @@ -484,4 +484,4 @@ public function add($dataNamed, $userID, $importID)

}

?>
?>
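
Review bot: The last line pair here replaces `?>` with `?>`, which looks like an end-of-file whitespace or newline change unrelated to the SQL injection fix and would be better left out of a security commit. If the file contains only PHP, dropping the closing `?>` altogether avoids trailing whitespace being sent as output.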
