The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
UserSpice 4.2 Bugs and security
#1
Here is few bugs I have found so far, may be I will remember some more that I patched for myself, so here is what i've found:

found bugs:

1) http://localhost/usercontrol/users/admin_user.php?id=2
not using global settings for name length
Code:
line 57, 58
should be changed to
<pre>
Code:
'min' => $settings->min_un,
'max' => $settings->max_un
</pre>



2)
Code:
function display_errors($errors = array())
- helpers.php - remove
Code:
echo "<br>"
- that br resulting content to slip below on every page that function called

3) http://localhost/usercontrol/users/admin...ssions.php
Code:
line 97,98
- dublicate of
<pre>
Code:
$errors = [];
$successes = [];
</pre>


that decleared above - that 2 lines should be removed, preventing any message to appear

4) http://localhost/usercontrol/users/admin...ssions.php
Code:
line 65
- echoing error to nowere, appearing above in black ugly block
Code:
echo "Permission Updated";
should be
Code:
$successes[] = 'TEXT';

5) http://localhost/usercontrol/users/profile.php?id=0
giving wrong id, resulting in banch of errors

Security issues:
1) http://localhost/usercontrol/users/admin.php
2 forms have no csrf protection - adding session token will solve that (i am using both session and per-request tokens)

2) http://localhost/usercontrol/users/admin...n.php?id=1
Code:
line 28
, value of
Code:
$_GET
is not sanitized

3) user name validation - user can create crazy names like <script>lala - should not allow that

That may be not bugs but logic flaws:
1) http://localhost/usercontrol/users/joinThankYou.php - should redirect if logged in?
2) http://localhost/usercontrol/users/join.php - should redirect if logged in?
3) http://localhost/usercontrol/users/login.php - should redirect if logged in?
4) http://localhost/usercontrol/users/maintenance.php - should redirect if no maintenance?
  Reply


Messages In This Thread
UserSpice 4.2 Bugs and security - by SavageStyle - 10-16-2017, 05:07 PM
UserSpice 4.2 Bugs and security - by Brandin - 10-16-2017, 10:30 PM
UserSpice 4.2 Bugs and security - by mudmin - 10-17-2017, 01:16 AM
UserSpice 4.2 Bugs and security - by SavageStyle - 10-21-2017, 08:56 AM
UserSpice 4.2 Bugs and security - by Brandin - 10-21-2017, 10:19 AM

Forum Jump:


Users browsing this thread: 3 Guest(s)