Merge pull request #84 from EyesOfNetworkCommunity/sessions_id

Sessions id fix
EyesOfNetworkCommunity · Mar 15, 2021 · 80bfde6 · 80bfde6
2 parents 745d04a + 58290af
commit 80bfde6
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 11 deletions.
diff --git a/appliance/eonweb.spec b/appliance/eonweb.spec
@@ -62,6 +62,8 @@ case "$1" in
     systemctl restart httpd
     # Update EON 5.3.8
     /usr/bin/chown apache:apache /srv/eyesofnetwork/eonweb/module/admin_itsm/uploaded_file
+    # Update EON 5.3.11
+    /usr/bin/mysql -u root --password=root66 eonweb < %{eonconfdir}/updates/5.3.11.sql 2>/dev/null
   ;;
 esac
 
@@ -77,6 +79,9 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
 
 %changelog
+* Mon Jan 11 2021 Oscar POELS <[email protected]> - 5.3-11.eon
+- fix security issue with sessions_id by renforcing generation to prevent force brut
+
 * Tue Dec 08 2020 Sebastien DAVOULT <[email protected]> - 5.3-10.eon
 - fix issue when we trying to rename rules in Advance Notifier #81
 - fix gathering SQL Response in Advance Notifier #80

diff --git a/appliance/eonweb.sql b/appliance/eonweb.sql
@@ -233,7 +233,7 @@ DROP TABLE IF EXISTS `sessions`;
 /*!40101 SET @saved_cs_client     = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `sessions` (
-  `session_id` int(11) NOT NULL,
+  `session_id` char(30) NOT NULL,
   `user_id` int(11) NOT NULL,
   PRIMARY KEY (`session_id`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

diff --git a/appliance/updates/5.3.11.sql b/appliance/updates/5.3.11.sql
@@ -0,0 +1 @@
+ALTER TABLE sessions modify session_id char(30);
diff --git a/login.php b/login.php
@@ -259,7 +259,7 @@ function display_login(){
 			$usrlimit = $usersql[0]["user_limitation"];
 
 			// Create session ID
-			$sessid=rand();
+			$sessid = session_id();
 			sql($database_eonweb,"INSERT INTO sessions (session_id,user_id) VALUES (?,?)", array($sessid, $usrid));
 
 			// Send cookie

diff --git a/module/admin_itsm/function_itsm.php b/module/admin_itsm/function_itsm.php
@@ -26,18 +26,21 @@
  * @return boolean
  */
 function upload_file($url, $file, $dir="uploaded_file"){
+    $path_part = pathinfo($file["name"]);
     if(preg_match('#[\x00-\x1F\x7F-\x9F/\\\\]#', basename($file["name"]))){
         return false;
     }else{
-        $path_file = __DIR__."/".$dir."/".basename($file["name"]);
-        if(file_exists($path_file)){
-            unlink($path_file);
-        }
+        if($path_part['extension'] == "json" || $path_part['extension'] == "xml"){
+            $path_file = __DIR__."/".$dir."/".basename($file["name"]);
+            if(file_exists($path_file)){
+                unlink($path_file);
+            }
 
-        $path_file = __DIR__."/".$dir."/".basename($file["name"]);
-
-        if(move_uploaded_file($file["tmp_name"], $path_file)){
-            return true;
+            $path_file = __DIR__."/".$dir."/".basename($file["name"]);
+
+            if(move_uploaded_file($file["tmp_name"], $path_file)){
+                return true;
+            }
         }
         return false;
     }
@@ -199,4 +202,4 @@ function get_all_events(){
 
 
 
-?>
+?>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ALTER TABLE sessions modify session_id char(30);