Preventing manipulation with $_SERVER['HTTP_HOST']
dpeca committed Mar 23, 2020
1 parent a571254 commit c3c4de4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion web/reset/index.php
@@ -30,7 +30,7 @@
} else {
$mailtext = __('GREETINGS');
}
$mailtext .= __('PASSWORD_RESET_REQUEST',$_SERVER['HTTP_HOST'],$user,$rkey,$_SERVER['HTTP_HOST'],$user,$rkey);
$mailtext .= __('PASSWORD_RESET_REQUEST',$hostname,$user,$rkey,$hostname,$user,$rkey);
if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
unset($output);
}
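Review bot: `$hostname` is not defined anywhere in this hunk, so the review cannot confirm that it is taken from server-side configuration rather than from the request, nor that it carries the port the panel is served on. The new line passes it twice into `__('PASSWORD_RESET_REQUEST', ...)`, so if it is a bare host name the link in the e-mail will lose a non-standard port, whereas the removed line's `$_SERVER['HTTP_HOST']` included any port the client sent. Suggest showing where `$hostname` is set (scheme, host and port), for example in the lines just above this hunk, or documenting its source in the commit message.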

4 comments on commit c3c4de4

@moucho (Contributor) commented on c3c4de4 Mar 24, 2020

@dpeca I've tested this solution, but it fails because "$hostname" doesn't take into account the port, so the link sent for resetting the password is wrong and doesn't work.

For example, if I use https://myvestaserver.com:8083 for accessing VestaCP, the mail will send https://myvestaserver.com/reset/?action=confirm...
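The port problem described in this comment, as an added example that is not part of the commit or of VestaCP's code: a PHP sketch of what the commit is aiming at, where the reset link is built from a server-side configured origin (scheme, host and port) instead of `$_SERVER['HTTP_HOST']`, keeps a non-default port such as :8083, and adds a check that reports when the request's Host header disagrees with that origin. `$panel_config`, `panel_origin`, `build_reset_link`, `host_header_matches` and the `user`/`code` query parameters are assumptions, not names from the project; the real reset parameters are elided ("...") in the comment above.

```php
<?php
// Added example, not VestaCP's code. Function names, config keys and the
// query-parameter names below are hypothetical.

// Hypothetical panel configuration. In a real deployment these values come
// from the server's own settings (a config file or environment), never from
// the incoming request, so an attacker-supplied Host header cannot reach them.
$panel_config = [
    'scheme' => 'https',
    'host'   => 'myvestaserver.com', // constructed sample, as in the comment above
    'port'   => 8083,                // non-default port that HTTP_HOST would carry
];

/**
 * "scheme://host[:port]" for the configured origin. The port is appended
 * only when it differs from the scheme's default (80 for http, 443 for https),
 * so a panel on :8083 keeps its port and one on :443 gets a clean URL.
 */
function panel_origin(array $cfg): string
{
    $scheme  = ($cfg['scheme'] ?? 'https') === 'http' ? 'http' : 'https';
    $default = $scheme === 'https' ? 443 : 80;
    $port    = (int) ($cfg['port'] ?? $default);
    $origin  = $scheme . '://' . strtolower($cfg['host']);
    if ($port !== $default) {
        $origin .= ':' . $port;
    }
    return $origin;
}

/**
 * Build the confirmation link from the trusted origin. $user and $rkey are
 * URL-encoded so that neither value can add extra path or query components.
 */
function build_reset_link(array $cfg, string $user, string $rkey): string
{
    return panel_origin($cfg) . '/reset/?action=confirm'
        . '&user=' . rawurlencode($user)   // hypothetical parameter name
        . '&code=' . rawurlencode($rkey);  // hypothetical parameter name
}

/**
 * Detection aid: true when the request's Host header names the configured
 * origin (host compared case-insensitively, a missing port treated as the
 * scheme default). A false result is worth logging: it is exactly the request
 * for which the old HTTP_HOST-based code would have mailed a link pointing
 * somewhere other than the real panel.
 */
function host_header_matches(array $cfg, ?string $http_host): bool
{
    if ($http_host === null || $http_host === '') {
        return false;
    }
    $expected = parse_url(panel_origin($cfg));
    $got      = parse_url('//' . $http_host); // leading "//" makes parse_url split host:port
    if ($got === false || !isset($got['host'])) {
        return false;
    }
    $default_port  = $expected['scheme'] === 'https' ? 443 : 80;
    $expected_port = $expected['port'] ?? $default_port;
    $got_port      = $got['port'] ?? $default_port;
    return strtolower($got['host']) === $expected['host'] && $got_port === $expected_port;
}

// Usage with constructed values.
$link = build_reset_link($panel_config, 'admin', 'constructed-reset-key');
echo $link, PHP_EOL;

foreach (['myvestaserver.com:8083', 'myvestaserver.com', 'other.example:8083'] as $host) {
    $state = host_header_matches($panel_config, $host) ? 'matches' : 'MISMATCH';
    echo str_pad($host, 28), $state, PHP_EOL;
}
```

With the configuration above, the printed link keeps the `:8083` port, and of the three constructed Host values only the first matches: the bare host name fails because its implied port is 443, and the foreign host fails on the name. Logging that mismatch is cheap and gives a signal for reset requests arriving under a Host header the panel never serves.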

@dpeca (Collaborator, Author) commented on c3c4de4 Mar 29, 2020

@moucho
Ouch... thank you.
OK, I'll fix it now.

@dpeca (Collaborator, Author) commented on c3c4de4 Mar 29, 2020

Fixed - 58807fe

@dpeca (Collaborator, Author) commented on c3c4de4 Jun 23, 2020

Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. Master ninja at pentest.blog
