This repository has been archived by the owner on Jan 22, 2018. It is now read-only.
Fix file browser vulnerability on LOGS BROWSER tab.
bmeeks8 committed May 20, 2014
1 parent 7225479 commit 59ed343
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions config/suricata/suricata_logs_browser.php
@@ -55,21 +55,22 @@
$if_real = get_real_interface($a_instance[$instanceid]['interface']);

// Construct a pointer to the instance's logging subdirectory
$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
$suricatalogdir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}/";

$logfile = $_POST['file'];
// Limit all file access to just the currently selected interface's logging subdirectory
$logfile = htmlspecialchars($suricatalogdir . basename($_POST['file']));

if ($_POST['action'] == 'load') {
if(!is_file($_POST['file'])) {
if(!is_file($logfile)) {
echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|";
}
else {
$data = file_get_contents($_POST['file']);
$data = file_get_contents($logfile);
if($data === false) {
echo "|1|" . gettext("Failed to read log file") . ".|";
} else {
$data = base64_encode($data);
echo "|0|{$_POST['file']}|{$data}|";
echo "|0|{$logfile}|{$data}|";
}
}
exit;
@@ -180,7 +181,7 @@ function loadComplete(req) {
$selected = "";
if ($log == basename($logfile))
$selected = "selected";
echo "<option value='{$suricatalogdir}/{$log}' {$selected}>" . $log . "</option>\n";
echo "<option value='{$suricatalogdir}{$log}' {$selected}>" . $log . "</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which log you want to view.'); ?>
@@ -222,7 +223,7 @@ function loadComplete(req) {
</table>
</form>

<?php if(empty($logfile)): ?>
<?php if(empty($_POST['file'])): ?>
<script type="text/javascript">
document.getElementById("logFile").selectedIndex=-1;
</script>
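Review bot: In the first hunk `htmlspecialchars()` is applied to the path before `is_file()` and `file_get_contents()` use it, so HTML output encoding ends up in a filesystem lookup and a log name containing `&`, `<`, `>` or `"` is rewritten and will not be found. `basename()` is what confines the request to the instance directory, so I would keep the raw path for file access, `$logfile = $suricatalogdir . basename($_POST['file']);`, and encode only where the value is written out, `echo "|0|" . htmlspecialchars($logfile) . "|{$data}|";`. `basename()` also does not stop a symlink inside the log directory from being followed, so comparing `realpath($logfile)` against the directory prefix, or checking the name against the list that appears to fill the select box, would be a tighter limit. In the second hunk `$log` is still written unescaped into the single-quoted `value` attribute and the option text, where `htmlspecialchars($log, ENT_QUOTES)` fits. The surrounding script starts and ends outside the hunks shown.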
