Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed Login Exploit
  • Loading branch information
HazardousPeach committed Dec 9, 2014
1 parent 62755ed commit b80f6d1
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions calenderServer.cpp
Expand Up @@ -245,7 +245,7 @@ string handleGet(map<string, string>* reqHeaders) {
cout << "Bad session ID, redirecting to login." << endl;
body = getLogin();
} else
uid = sessionMap[sessionId];
uid = usersessionIt->second;
}
map<string, string> resHeaders;
resHeaders["Server"] = "CSE461";
Expand Down Expand Up @@ -289,7 +289,9 @@ string handlePost(map<string, string>* reqHeaders) {
string cookies = (*reqHeaders)["Cookie"];
string sessionIdString = cookies.substr(cookies.find("=") + 1);
sessionId = stoll(sessionIdString, nullptr);
uid = sessionMap[sessionId];
auto sessionIt = sessionMap.find(sessionId);
if(sessionIt != sessionMap.end())
uid = sessionIt->second;
}
map<string, string> resHeaders;
resHeaders["Server"] = "CSE461";
Expand Down

0 comments on commit b80f6d1

Please sign in to comment.