AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

This Update will break your login as we updated the password hash from MD5 to a salted hash using hash_password and password_verify techniques, fixed an unauthenticated persistent XSS Vulnerbility which would affect if someone spoofed their IP with a javascript code and then a logged in read the logs. The flaw was discovered by @bambilol #214 also fixed some other bugs.

Browse Source
This commit is contained in:
johnnyq
2021-12-13 12:21:55 -05:00
parent ed2dfa1b74
commit 4604280efe
5 changed files with 28 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
logs.php
View File

@@ -154,8 +154,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
$log_id = $row['log_id'];
$log_type = $row['log_type'];
$log_action = $row['log_action'];
$log_description = $row['log_description'];
$log_ip = $row['log_ip'];
$log_description = htmlentities($row['log_description']);
$log_ip = htmlentities($row['log_ip']);
$log_user_agent = $row['log_user_agent'];
$log_created_at = $row['log_created_at'];
$user_id = $row['user_id'];