Fix SQL injections in ajax_table.php (#11920)

* Fix SQL injections via searchPhrase parameter

* Fix SQL injections via address parameter

* Fix sort injection

Co-authored-by: Tony Murray <murraytony@gmail.com>
This commit is contained in:
Jellyfrog
2020-07-10 16:17:09 +02:00
committed by GitHub
parent 290398bd9b
commit 32f72bc1ab
20 changed files with 90 additions and 25 deletions


@@ -2,6 +2,7 @@
use LibreNMS\Config;
$param = [];
$sql = ' FROM `devices` AS D ';
if (!Auth::user()->hasGlobalAdmin()) {
@@ -17,7 +18,11 @@ if (!Auth::user()->hasGlobalAdmin()) {
}
if (isset($searchPhrase) && !empty($searchPhrase)) {
$sql .= " AND (hostname LIKE '%$searchPhrase%' OR sysName LIKE '%$searchPhrase%' OR last_polled LIKE '%$searchPhrase%' OR last_polled_timetaken LIKE '%$searchPhrase%')";
$sql .= " AND (hostname LIKE ? OR sysName LIKE ? OR last_polled LIKE ? OR last_polled_timetaken LIKE ?)";
$param[] = "%$searchPhrase%";
$param[] = "%$searchPhrase%";
$param[] = "%$searchPhrase%";
$param[] = "%$searchPhrase%";
}
if ($vars['type'] == "unpolled") {
@@ -35,7 +40,7 @@ $count_sql = "SELECT COUNT(`D`.`device_id`) $sql";
$sql .= " ORDER BY $sort";
$total = dbFetchCell($count_sql);
$total = dbFetchCell($count_sql, $param);
if (empty($total)) {
$total = 0;
}
@@ -51,7 +56,7 @@ if ($rowCount != -1) {
$sql = "SELECT D.device_id, D.hostname AS `hostname`, D.sysName, D.last_polled AS `last_polled`, `group_name`, D.last_polled_timetaken AS `last_polled_timetaken` $sql";
foreach (dbFetchRows($sql, array()) as $device) {
foreach (dbFetchRows($sql, $param) as $device) {
if (empty($device['group_name'])) {
$device['group_name'] = 'General';
}
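Review bot: `$sql .= " ORDER BY $sort";` in the `@@ -35,7 +40,7 @@` hunk still interpolates `$sort` into the statement even though the surrounding query is now bound through `$param`; placeholders cannot carry identifiers, so this line is only safe if `$sort` has already been reduced to an allow-listed column and direction earlier in the file, which the commit title suggests but which is not visible in these hunks. If that mapping is not present, the sort key should be looked up in a fixed table such as `$sortable = ['hostname' => 'hostname', 'sysName' => 'sysName', 'last_polled' => 'last_polled'];` (constructed example) and only the mapped value appended, with a safe default when the key is unknown. In the first hunk the four identical `$param[] = "%$searchPhrase%";` lines can be collapsed to `array_push($param, ...array_fill(0, 4, "%$searchPhrase%"));`, and a one-line comment that `%`/`_` typed by the user still act as LIKE wildcards would document the intended matching behaviour. The `if (!Auth::user()->hasGlobalAdmin())` block opened in the first hunk continues outside it.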