Tainted strings

3 months 3 weeks ago #179548 by ollehar
There's an extension available for PHP that lets you trace tainted strings. A tainted string is a string that is unsafe, not escaped, can include XSS or SQL injection, and so on. Here's the link:

secure.php.net/manual/en/book.taint.php

I managed to install it using this:
apt install php7.1-dev
pecl install taint

Then you have to edit php.ini:
extension=taint.so
taint.enable = 1
taint.error_level = E_ERROR

As an example I tried to view a question in LimeSurvey and got the following error:



The problem was that $qid is never escaped or cast to integer, but shown as-is in the PHP view file. It's easily solved by putting
$qid = (int) $qid;

in the controller.

Just a tip. :)
Last edit: 3 months 3 weeks ago by ollehar.
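The post above lists the install steps, the php.ini switches and the (int) fix but not what the extension actually tracks. The script below is an added example, not code from the post or from LimeSurvey, that exercises the taint extension's own API (taint(), untaint(), is_tainted()) on a constructed request value. Assumptions: it runs on the CLI, so the value is marked tainted by hand with taint() to stand in for what the extension does to $_GET at request start; it uses taint.error_level=E_WARNING (value 2) instead of the E_ERROR from the post so the final echo only warns; the file name taint_demo.php and the "whole number, no leading zero" validation rule are the example's own.

```php
<?php
// Added example, not code from the forum post or from LimeSurvey. Exercises the
// PECL taint extension API (taint(), untaint(), is_tainted()) to show why
// echoing a raw request parameter trips the checker and why an (int) cast or
// a context-appropriate escaping call clears it.
//
// Run with the extension loaded and taint enabled; E_WARNING (value 2) instead
// of the E_ERROR from the post keeps the script alive after the final echo:
//   php -d extension=taint.so -d taint.enable=1 -d taint.error_level=2 taint_demo.php
declare(strict_types=1);

if (!extension_loaded('taint')) {
    fwrite(STDERR, "The taint extension is not loaded.\n");
    exit(1);
}

// Report whether a value currently carries taint. Only strings can be tainted;
// integers and other scalars never do.
function taintState(string $label, $value): void
{
    $state = (is_string($value) && is_tainted($value)) ? 'TAINTED' : 'clean';
    printf("%-26s %-8s %s\n", $label, $state, var_export($value, true));
}

// Constructed input (assumption). In a real request the extension marks
// $_GET/$_POST/$_COOKIE values as tainted when the request starts; on the CLI
// we build the value at runtime and mark it tainted by hand to reproduce that.
$qid = sprintf('%d%s', 12, "'><script>alert(1)</script>");
taint($qid);

// 1. The raw parameter is tainted, and taint propagates through concatenation,
//    which is how it reaches a view file unchanged.
taintState('raw qid', $qid);
taintState('concatenated', 'Question ' . $qid);

// 2. The fix from the post: (int) yields an integer, which cannot carry taint,
//    and stringifying that integer produces a fresh, clean string.
$qidInt = (int) $qid;
taintState('(int) cast', $qidInt);
taintState('(string) of the int', (string) $qidInt);

// 3. Escaping for the output context also clears taint: the extension treats
//    htmlspecialchars() as a sanitizer, so this value may be echoed into HTML.
taintState('htmlspecialchars()', htmlspecialchars($qid, ENT_QUOTES, 'UTF-8'));

// 4. untaint() is the manual override for input you validated yourself. Use it
//    only behind a strict check; the rule here (a whole number with no leading
//    zero) is the example's own, and anything else is rejected, as a web
//    controller would with a 403.
$candidate = $qid;
if (preg_match('/^[1-9][0-9]*$/', $candidate) === 1) {
    untaint($candidate);
    taintState('validated + untaint()', $candidate);
} else {
    taintState('rejected', $candidate);
}

// 5. The sink that produced the error in the post: echoing a tainted string.
//    With taint.error_level=E_WARNING this prints a warning and continues;
//    with E_ERROR, as configured in the post, execution stops here.
echo 'Rendering question: ' . $qid . "\n";
```

Expect every line of step 1 to report TAINTED and steps 2 and 3 to report clean; the constructed value fails the validation in step 4 and is rejected, and step 5 triggers the extension's "might be tainted" diagnostic for echo. Casting is the right fix only for values that are genuinely integers; for free text the sanitizer for the output context (HTML, SQL parameter, shell) is what clears the taint.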

3 months 3 weeks ago #179561 by DenisChenu
False positive?

sid + gid + qid are always filtered, and a 403 is sent if it's not numeric without a leading 0.
github.com/LimeSurvey/LimeSurvey/blob/9b...mmon_Action.php#L148

Assistance on the LimeSurvey forum and LimeSurvey core development are done in my free time.
I'm not a LimeSurvey GmbH member; professional service on demand.
An error happened? Before making a new topic: remember the Debug mode.

3 months 3 weeks ago #179564 by DenisChenu
False positive, no?

