This update will break your login, as we updated the password hash from MD5 to a salted hash using the hash_password and password_verify techniques. Fixed an unauthenticated persistent XSS vulnerability, which would affect you if someone spoofed their IP with JavaScript code and then a logged-in user read the logs. The flaw was discovered by @bambilol (#214). Also fixed some other bugs.

This commit is contained in:
johnnyq
2021-12-13 12:21:55 -05:00
parent ed2dfa1b74
commit 4604280efe
5 changed files with 28 additions and 27 deletions


@@ -391,7 +391,7 @@ if(isset($_POST['add_user'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$password = md5($_POST['password']);
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
mysqli_query($mysqli,"INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_created_at = NOW()");
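Review bot: The INSERT on the last line of this hunk still builds the SQL by interpolating `$name`, `$email` and `$password` into the query string, and the two lines above it apply `strip_tags()` after `mysqli_real_escape_string()`, so the escaping is not the last transformation before the value reaches the query. Since this commit already touches these lines, switching the statement to `mysqli_prepare()` with bound parameters would remove the need for manual escaping entirely and fix the ordering problem at the same time. Two follow-ups on the new `password_hash($_POST['password'], PASSWORD_DEFAULT)` line: the `PASSWORD_DEFAULT` output is a 60-character bcrypt string today and is documented to grow with future algorithms, so confirm that `user_password` is wide enough (the PHP manual recommends 255) rather than the 32 characters an MD5 column needs; and since existing MD5 values will never pass `password_verify()`, consider a one-time migration or a rehash-on-successful-login path instead of shipping a release that, as the commit message says, breaks every existing login.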