two logic bugs in latest product #78
Comments
|
Thank you for bringing this issue. I will do the fix on the next update. Sorry for the long reply, my laptop was stolen and all of my data was lost. Once again, thank you. |
|
I've already checked the script. Point 1 is not a bug, it is just to check whether the inputted passwords are the same or not. And the second point I got as an issue, and will be committing the fix for cve, please request cve id at https://cve.mitre.org/cve/request_id.html |
|
Ok thank you very much
2017-09-05 12:47 GMT+08:00 Puguh Wijayanto <notifications@github.com>:
… Closed #78 <#78>.
|
Good morning! Line 53 in dd6e07f
So you're effectively doing |
|
@andre-checkmarx ah you are right. i will take a look. and fixed it. |
|
Awesome, glad I could help! |
|
yes you can contact me at telegram @metalgenix |
Hello Developers, I have found two logic bugs in your product, which may cause some problems.
I hope this helps you.
the first point:
at register.php line53
```php
if (!User::isSame($_POST['pass1'], $_POST['pass1']))
```
Here, you use the same password for testing
the Second point:
at register.php line53
```php
User::isExist($_POST['userid'])),
```
Let's follow up this function
User.class.php line222
```php
public static function isExist($user, $except='') {
    if ($except != '') {
        $id = Typo::cleanX(Typo::strip($except));
        ......
```
Let's follow up Typo::strip
Type.class.php line101
```php
public static function strip($text, $tags = '', $invert = false)
{
    preg_match_all('/<(.+?)[\s]*\/?[\s]*>/si', trim($tags), $tags);
    $tags = array_unique($tags[1]);
```
We can see that the regular expressions here are removed from the corner brackets.
For example: if username is `admin<script>` then the function will return `admin`. But finally, the data does not check the same name before entering the database.
So it will cause a large problem: we can block any member's account if we know his username.
Why? Because in login.php line 6 `$c != 1`, because there are two users called `admin`.
That's what I want to say. If I don't make it clear, please contact me
register the same user who named "root"

we can see there are two same users except group

admin "root" can not log in!!!
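
The two points in this report come down to comparing the wrong fields and checking uniqueness on a different value than the one that gets stored. The following is an added example, not code from the issue or from the project: `canonicalName()`, `register()`, the `pass2` field name, the username pattern and the in-memory `$users` store are all assumptions made for illustration.

```php
<?php
// Added illustration: every name below is hypothetical.

// Canonicalise once, so the value that is checked is the value that is stored.
// Assumption: usernames are case-insensitive and restricted to [a-z0-9_.-].
function canonicalName(string $raw): string {
    return strtolower(trim(strip_tags($raw)));
}

function register(array &$users, array $post): string {
    // Compare the two different fields (the report shows pass1 against pass1).
    $p1 = (string)($post['pass1'] ?? '');
    $p2 = (string)($post['pass2'] ?? '');
    if ($p1 === '' || !hash_equals($p1, $p2)) {
        return 'password mismatch';
    }
    $name = canonicalName((string)($post['userid'] ?? ''));
    if (!preg_match('/^[a-z0-9_.-]{3,32}$/', $name)) {
        return 'invalid username';
    }
    // The uniqueness test runs on the canonical form, so "admin<script>"
    // collides with "admin" instead of creating a second row. In a real
    // schema a UNIQUE index on the column also closes the race window.
    if (isset($users[$name])) {
        return 'username taken';
    }
    $users[$name] = password_hash($p1, PASSWORD_DEFAULT);
    return 'ok';
}

// Constructed sample requests.
$users = [];
$requests = [
    ['userid' => 'admin',         'pass1' => 'S3cret!pw', 'pass2' => 'S3cret!pw'],
    ['userid' => 'admin<script>', 'pass1' => 'x',         'pass2' => 'x'],
    ['userid' => ' Admin ',       'pass1' => 'x',         'pass2' => 'x'],
    ['userid' => 'bob',           'pass1' => 'abc',       'pass2' => 'abd'],
];
foreach ($requests as $r) {
    printf("%-16s => %s\n", '"' . $r['userid'] . '"', register($users, $r));
}
printf("stored accounts: %s\n", implode(', ', array_keys($users)));
```

With a single stored row per canonical name, a login lookup that expects exactly one match (the `$c != 1` test the report mentions) cannot be broken by a later registration.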
