emulab
emulab-stable
Commits
7af26ef3
Commit
7af26ef3
authored
Aug 10, 2007
by
Russ Fish
Plug 4 SQL injection holes.
parent
cdd73465
Changes
6
www/editexp.php3
@@ -441,6 +441,7 @@ if (!isset($formfields["idleswap"]) ||
addslashes
(
$formfields
[
"noidleswap_reason"
])
.
"'"
;
}
elseif
(
!
isset
(
$formfields
[
"idleswap_timeout"
])
||
!
preg_match
(
"/^[\d]+$/"
,
$formfields
[
"idleswap_timeout"
])
||
(
$formfields
[
"idleswap_timeout"
]
+
0
)
<=
0
||
(
((
$formfields
[
"idleswap_timeout"
]
+
0
)
>
$idleswaptimeout
)
&&
!
ISADMIN
())
)
{
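Review bot: the new preg_match("/^[\d]+$/", $formfields["idleswap_timeout"]) guard has the right shape (whitelist before any arithmetic or SQL use), but PCRE's $ also matches just before a trailing newline, so a value such as "30" followed by a newline passes the check while the later + 0 coercion still yields 30. Use \z in place of $, or add the D modifier, to make the anchor strict; the same applies to every copy of this pattern elsewhere in the commit.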
@@ -463,6 +464,7 @@ if (!isset($formfields["autoswap"]) ||
$inserts
[]
=
"autoswap_timeout=0"
;
}
elseif
(
!
isset
(
$formfields
[
"autoswap_timeout"
])
||
!
preg_match
(
"/^[\d]+$/"
,
$formfields
[
"autoswap_timeout"
])
||
(
$formfields
[
"autoswap_timeout"
]
+
0
)
==
0
)
{
$errors
[
"Max Duration"
]
=
"Invalid time provided"
;
}
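Review bot: with the digit-only check added, the single "Invalid time provided" error under "Max Duration" now covers both a malformed value and a literal zero, whereas the cpu_usage, mem_usage and linktest_level blocks in this same commit report a separate "Invalid character" message for the malformed case. Splitting this one the same way would keep the form errors consistent and would let the sec-check probe log tell a rejected injection attempt apart from a plain zero.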
@@ -490,7 +492,10 @@ else {
if
(
isset
(
$formfields
[
"cpu_usage"
])
&&
strcmp
(
$formfields
[
"cpu_usage"
],
""
))
{
if
((
$formfields
[
"cpu_usage"
]
+
0
)
<
0
||
if
(
!
preg_match
(
"/^[\d]+$/"
,
$formfields
[
"cpu_usage"
]))
{
$errors
[
"CPU Usage"
]
=
"Invalid character"
;
}
elseif
((
$formfields
[
"cpu_usage"
]
+
0
)
<
0
||
(
$formfields
[
"cpu_usage"
]
+
0
)
>
5
)
{
$errors
[
"CPU Usage"
]
=
"Invalid (0 <= X <= 5)"
;
}
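Review bot: once !preg_match("/^[\d]+$/", ...) has rejected everything except an unsigned digit string, the ($formfields["cpu_usage"] + 0) < 0 test in the following elseif can never be true, so only the > 5 bound still does any work; dropping the dead comparison would make the remaining range check read as intended. The ordering itself is correct: the whitelist must run first, because the old leading (... + 0) < 0 test silently coerced a quoted payload to 0 and let it through to the range check.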
@@ -508,7 +513,10 @@ else {
if
(
isset
(
$formfields
[
"mem_usage"
])
&&
strcmp
(
$formfields
[
"mem_usage"
],
""
))
{
if
((
$formfields
[
"mem_usage"
]
+
0
)
<
0
||
if
(
!
preg_match
(
"/^[\d]+$/"
,
$formfields
[
"mem_usage"
]))
{
$errors
[
"Mem Usage"
]
=
"Invalid character"
;
}
elseif
((
$formfields
[
"mem_usage"
]
+
0
)
<
0
||
(
$formfields
[
"mem_usage"
]
+
0
)
>
5
)
{
$errors
[
"Mem Usage"
]
=
"Invalid (0 <= X <= 5)"
;
}
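Review bot: this block is now a line-for-line copy of the cpu_usage block above (and of the linktest_level block below) apart from the field name, label and upper bound. A small helper taking (field, label, max) that runs the digit-only preg_match and the range check in one place would stop the three regexes from drifting apart, which matters here because the regex is the only thing standing between the form value and the SQL string.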
@@ -526,9 +534,12 @@ else {
if
(
isset
(
$formfields
[
"linktest_level"
])
&&
strcmp
(
$formfields
[
"linktest_level"
],
""
))
{
if
((
$formfields
[
"linktest_level"
]
+
0
)
<
0
||
if
(
!
preg_match
(
"/^[\d]+$/"
,
$formfields
[
"linktest_level"
]))
{
$errors
[
"Linktest Level"
]
=
"Invalid character"
;
}
elseif
((
$formfields
[
"linktest_level"
]
+
0
)
<
0
||
(
$formfields
[
"linktest_level"
]
+
0
)
>
4
)
{
$errors
[
"Linktest Level"
]
=
"Invalid
linktest level
"
;
$errors
[
"Linktest Level"
]
=
"Invalid
(0 <= X <= 4)
"
;
}
else
{
$inserts
[]
=
"linktest_level="
.
$formfields
[
"linktest_level"
];
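Review bot: the else branch shows what the regex is protecting: $inserts[] = "linktest_level=" . $formfields["linktest_level"] concatenates the raw field into the SQL fragment with no quoting or casting, so the preg_match is the sole barrier. Casting at the concatenation point, for example intval($formfields["linktest_level"]), would add a second layer at no cost and would also make the (... + 0) < 0 test in the elseif visibly redundant, since the whitelist already excludes a sign character.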
www/sec-check/results/analyze_probes.txt
@@ -328,9 +328,8 @@ editexp.php3.1.html
Page Error</h2>
Probe label: \'**{editexp.php3:formfields[noswap_reason]}**
editexp.php3.10.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: '**{editexp.php3:formfields[linktest_level]}**
Oops, please fix the following errors!
<font color=red>Invalid character</font></td>
editexp.php3.4.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
@@ -340,17 +339,15 @@ editexp.php3.6.html
Page Error</h2>
Probe label: \'**{editexp.php3:formfields[noidleswap_reason]}**
editexp.php3.8.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: '**{editexp.php3:formfields[cpu_usage]}**
Oops, please fix the following errors!
<font color=red>Invalid character</font></td>
editexp.php3.9.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: \'**{editexp.php3:formfields[description]}**
editexp.php3.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
Probe label: '**{editexp.php3:formfields[mem_usage]}**
Oops, please fix the following errors!
<font color=red>Invalid character</font></td>
editgroup.php3.1.html
Could not map page arguments to 'group'
editgroup.php3.10.html
@@ -1018,7 +1015,7 @@ showsumstats.php3.1.html
showsumstats.php3.html
Invalid range argument: '**{showsumstats.php3:range}**!
showuser_list.php3.html
Probe label
: '**{showuser_list.php3:searchfor}**
Invalid page arguments: /showuser_list.php3<br><br>Invalid characters in 'searchfor'
: '**{showuser_list.php3:searchfor}**
swapexp.php3.1.html
<title>MyEmulab.Net - Page Error</title>
Page Error</h2>
www/sec-check/results/probe-labels.list
Probe label: \'**{approveproject.php3:head_uid}**
Probe label: \'**{editexp.php3:formfields[noswap_reason]}**
Probe label: '**{editexp.php3:formfields[linktest_level]}**
Probe label: \'**{editexp.php3:formfields[noidleswap_reason]}**
Probe label: '**{editexp.php3:formfields[cpu_usage]}**
Probe label: \'**{editexp.php3:formfields[description]}**
Probe label: '**{editexp.php3:formfields[mem_usage]}**
Probe label: \'**{editimageid.php3:formfields[description]}**
Probe label: \'**{kb-manage.php3:formfields[xref_tag]}**
Probe label: \'**{kb-manage.php3:formfields[body]}**
@@ -14,4 +11,3 @@
Probe label: \'**{moduserinfo.php3:formfields[usr_country]}**
Probe label: \'**{newgroup.php3:group_description}**
Probe label: \'**{newgroup.php3:group_leader}**
Probe label: '**{showuser_list.php3:searchfor}**
www/sec-check/results/uncaught-files.list
editexp.php3
showuser_list.php3
www/sec-check/results/uncaught-probes.list
Probe label: '**{editexp.php3:formfields[cpu_usage]}**
Probe label: '**{editexp.php3:formfields[linktest_level]}**
Probe label: '**{editexp.php3:formfields[mem_usage]}**
Probe label: '**{showuser_list.php3:searchfor}**
www/url_defs.php
@@ -576,7 +576,7 @@ function VerifyPageArguments($argspec, $required)
$yep
=
1
;
# Pages never get arguments with special chars. Check.
if
(
preg_match
(
"/
^
[\'
\"
]
+$
/"
,
$object
))
{
if
(
preg_match
(
"/[\'
\"
]/"
,
$object
))
{
PAGEARGERROR
(
"Invalid characters in '
$name
':
$object
"
);
}
}
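Review bot: the replaced pattern "/^[\'\"]+$/" was the defect: anchored with ^ and + and $, it only fired on an argument made up entirely of quote characters, so a value with a quote embedded in ordinary text went straight through; the new "/[\'\"]/" correctly rejects any argument containing a quote. Two follow-ups: this is still a denylist of two characters, so a per-argument whitelist (the numeric or word shape each page actually expects) would be a stronger contract than the comment "Pages never get arguments with special chars" implies; and PAGEARGERROR("Invalid characters in '$name': $object") echoes the rejected value back into the error page, so PAGEARGERROR must HTML-encode its message, otherwise the offending input is reflected unescaped.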