HOR-283 Security Issue - Password brute-forcing is possible

fix in captcha

fix

positions

up observations
This commit is contained in:
Ronald Q
2016-02-26 11:20:15 -04:00
parent f395d4b6e0
commit b0648c2e5c
3 changed files with 158 additions and 91 deletions


@@ -32,7 +32,8 @@
"colosa/pmUI": "3.0.1.8-dev",
"colosa/MichelangeloFE": "3.0.1.8-dev",
"colosa/pmdynaform": "3.0.1.8-dev",
"google/apiclient": "1.1.6"
"google/apiclient": "1.1.6",
"dapphp/securimage": "^3.6"
},
"require-dev": {
"guzzle/guzzle": "~3.1.1",
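Review bot: The new `dapphp/securimage` requirement uses the floating range `^3.6`, and composer.lock is not among the three files in this commit's diffstat, so the resolved version is not pinned by this change. If the lock file is tracked in this repository it should be regenerated and committed together with composer.json so that installs reproduce the version that was reviewed; if it is not tracked, an exact version here would serve the same purpose. The library sits on the root-password setup path, so its resolved version is worth fixing deliberately.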


@@ -1,10 +1,10 @@
<?php
require_once ('classes/model/AppCacheView.php');
require_once('classes/model/AppCacheView.php');
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
$_GET = $filter->xssFilterHard($_GET);
$request = isset( $_POST['request'] ) ? $_POST['request'] : (isset( $_GET['request'] ) ? $_GET['request'] : null);
$request = isset($_POST['request']) ? $_POST['request'] : (isset($_GET['request']) ? $_GET['request'] : null);
function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName = "")
{
@@ -58,14 +58,14 @@ function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName
} else {
$usrTest = "wfrbtest";
$chkG = "GRANT ALL PRIVILEGES ON `%s`.* TO %s@'%%' IDENTIFIED BY 'sample' WITH GRANT OPTION";
$chkG = $filter->preventSqlInjection($chkG, array($dbNameTest,$usrTest), $connDatabase);
$chkG = $filter->preventSqlInjection($chkG, array($dbNameTest, $usrTest), $connDatabase);
$ch = @mysql_query($chkG, $connDatabase);
if (!$ch) {
$message = mysql_error();
} else {
$sqlCreateUser = "CREATE USER '%s'@'%%' IDENTIFIED BY '%s'";
$user = $filter->validateInput($user, 'nosql');
$sqlCreateUser = $filter->preventSqlInjection($sqlCreateUser, array($user."_usertest","sample"), $connDatabase);
$sqlCreateUser = $filter->preventSqlInjection($sqlCreateUser, array($user . "_usertest", "sample"), $connDatabase);
$result = @mysql_query($sqlCreateUser, $connDatabase);
if (!$result) {
$message = mysql_error();
@@ -75,7 +75,7 @@ function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName
}
$sqlDropUser = "DROP USER '%s'@'%%'";
$user = $filter->validateInput($user, 'nosql');
$sqlDropUser = $filter->preventSqlInjection($sqlDropUser, array($user."_usertest"), $connDatabase);
$sqlDropUser = $filter->preventSqlInjection($sqlDropUser, array($user . "_usertest"), $connDatabase);
@mysql_query($sqlDropUser, $connDatabase);
$sqlDropUser = "DROP USER %s@'%%'";
@@ -88,7 +88,7 @@ function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName
$sqlDropDb = $filter->preventSqlInjection($sqlDropDb, array($dbNameTest), $connDatabase);
@mysql_query($sqlDropDb, $connDatabase);
}
return array($success, ($message != "")? $message : $Server->error);
return array($success, ($message != "") ? $message : $Server->error);
} else {
return array(false, $Server->error);
}
@@ -110,65 +110,65 @@ switch ($request) {
//check if the APP_CACHE VIEW table and their triggers are installed
case 'info':
$result = new stdClass();
$result->info = Array ();
$result->info = array();
//check the language, if no info in config about language, the default is 'en'
G::loadClass( 'configuration' );
G::loadClass('configuration');
$oConf = new Configurations();
$oConf->loadConfig( $x, 'APP_CACHE_VIEW_ENGINE', '', '', '', '' );
$oConf->loadConfig($x, 'APP_CACHE_VIEW_ENGINE', '', '', '', '');
$appCacheViewEngine = $oConf->aConfig;
if (isset( $appCacheViewEngine['LANG'] )) {
if (isset($appCacheViewEngine['LANG'])) {
$lang = (defined('SYS_LANG')) ? SYS_LANG : $appCacheViewEngine['LANG'];
$status = strtoupper( $appCacheViewEngine['STATUS'] );
$status = strtoupper($appCacheViewEngine['STATUS']);
} else {
$confParams = Array ('LANG' => (defined('SYS_LANG')) ? SYS_LANG : 'en','STATUS' => '');
$confParams = array('LANG' => (defined('SYS_LANG')) ? SYS_LANG : 'en', 'STATUS' => '');
$oConf->aConfig = $confParams;
$oConf->saveConfig( 'APP_CACHE_VIEW_ENGINE', '', '', '' );
$oConf->saveConfig('APP_CACHE_VIEW_ENGINE', '', '', '');
$lang = (defined('SYS_LANG')) ? SYS_LANG : 'en';
$status = '';
}
//get user Root from hash
$result->info = array ();
$result->info = array();
$result->error = false;
//setup the appcacheview object, and the path for the sql files
$appCache = new AppCacheView();
$appCache->setPathToAppCacheFiles( PATH_METHODS . 'setup' . PATH_SEP . 'setupSchemas' . PATH_SEP );
$appCache->setPathToAppCacheFiles(PATH_METHODS . 'setup' . PATH_SEP . 'setupSchemas' . PATH_SEP);
$res = $appCache->getMySQLVersion();
//load translations G::LoadTranslation
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_MYSQL_VERSION' ) ,'value' => $res);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_MYSQL_VERSION'), 'value' => $res);
$res = $appCache->checkGrantsForUser( false );
$res = $appCache->checkGrantsForUser(false);
$currentUser = $res['user'];
$currentUserIsSuper = $res['super'];
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_CURRENT_USER' ) ,'value' => $currentUser);
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_USER_SUPER_PRIVILEGE' ) ,'value' => $currentUserIsSuper);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_CURRENT_USER'), 'value' => $currentUser);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_USER_SUPER_PRIVILEGE'), 'value' => $currentUserIsSuper);
try {
PROPEL::Init( PATH_METHODS . 'dbConnections/rootDbConnections.php' );
$con = Propel::getConnection( "root" );
PROPEL::Init(PATH_METHODS . 'dbConnections/rootDbConnections.php');
$con = Propel::getConnection("root");
} catch (Exception $e) {
$result->info[] = array ('name' => 'Checking MySql Root user','value' => 'failed');
$result->info[] = array('name' => 'Checking MySql Root user', 'value' => 'failed');
$result->error = true;
$result->errorMsg = $e->getMessage();
}
//if user does not have the SUPER privilege we need to use the root user and grant the SUPER priv. to normal user.
if (! $currentUserIsSuper && ! $result->error) {
$res = $appCache->checkGrantsForUser( true );
if (! isset( $res['error'] )) {
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_ROOT_USER' ), 'value' => $res['user']);
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_ROOT_USER_SUPER' ), 'value' => $res['super']);
if (!$currentUserIsSuper && !$result->error) {
$res = $appCache->checkGrantsForUser(true);
if (!isset($res['error'])) {
$result->info[] = array('name' => G::LoadTranslation('ID_ROOT_USER'), 'value' => $res['user']);
$result->info[] = array('name' => G::LoadTranslation('ID_ROOT_USER_SUPER'), 'value' => $res['super']);
} else {
$result->info[] = array ('name' => 'Error','value' => $res['msg']);
$result->info[] = array('name' => 'Error', 'value' => $res['msg']);
}
$res = $appCache->setSuperForUser( $currentUser );
if (! isset( $res['error'] )) {
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_SETTING_SUPER' ), 'value' => G::LoadTranslation ( 'ID_SUCCESSFULLY' ));
$res = $appCache->setSuperForUser($currentUser);
if (!isset($res['error'])) {
$result->info[] = array('name' => G::LoadTranslation('ID_SETTING_SUPER'), 'value' => G::LoadTranslation('ID_SUCCESSFULLY'));
} else {
$result->error = true;
$result->errorMsg = $res['msg'];
@@ -179,55 +179,54 @@ switch ($request) {
//now check if table APPCACHEVIEW exists, and it have correct number of fields, etc.
$res = $appCache->checkAppCacheView();
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_TABLE' ),'value' => $res['found']);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_TABLE'), 'value' => $res['found']);
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_ROWS' ),'value' => $res['count']);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_ROWS'), 'value' => $res['count']);
//now check if we have the triggers installed
//APP_DELEGATION INSERT
$res = $appCache->triggerAppDelegationInsert( $lang, false );
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_TRIGGER_INSERT' ),'value' => $res);
$res = $appCache->triggerAppDelegationInsert($lang, false);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_TRIGGER_INSERT'), 'value' => $res);
//APP_DELEGATION Update
$res = $appCache->triggerAppDelegationUpdate( $lang, false );
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_TRIGGER_UPDATE' ),'value' => $res);
$res = $appCache->triggerAppDelegationUpdate($lang, false);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_TRIGGER_UPDATE'), 'value' => $res);
//APPLICATION UPDATE
$res = $appCache->triggerApplicationUpdate( $lang, false );
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_TRIGGER_APPLICATION_UPDATE' ),'value' => $res);
$res = $appCache->triggerApplicationUpdate($lang, false);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_TRIGGER_APPLICATION_UPDATE'), 'value' => $res);
//APPLICATION DELETE
$res = $appCache->triggerApplicationDelete( $lang, false );
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_TRIGGER_APPLICATION_DELETE' ),'value' => $res);
$res = $appCache->triggerApplicationDelete($lang, false);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_TRIGGER_APPLICATION_DELETE'), 'value' => $res);
//SUB_APPLICATION INSERT
$res = $appCache->triggerSubApplicationInsert($lang, false);
//CONTENT UPDATE
$res = $appCache->triggerContentUpdate( $lang, false );
$result->info[] = array ("name" => G::LoadTranslation ( 'ID_CACHE_BUILDER_TRIGGER_CONTENT_UPDATE' ),"value" => $res);
$res = $appCache->triggerContentUpdate($lang, false);
$result->info[] = array("name" => G::LoadTranslation('ID_CACHE_BUILDER_TRIGGER_CONTENT_UPDATE'), "value" => $res);
//show language
$result->info[] = array ('name' => G::LoadTranslation ( 'ID_CACHE_BUILDER_LANGUAGE' ),'value' => $lang);
$result->info[] = array('name' => G::LoadTranslation('ID_CACHE_BUILDER_LANGUAGE'), 'value' => $lang);
echo G::json_encode( $result );
echo G::json_encode($result);
break;
case 'getLangList':
$Translations = G::getModel( 'Translation' );
$Translations = G::getModel('Translation');
$result = new stdClass();
$result->rows = Array ();
$result->rows = array();
$langs = $Translations->getTranslationEnvironments();
foreach ($langs as $lang) {
$result->rows[] = Array ('LAN_ID' => $lang['LOCALE'],'LAN_NAME' => $lang['LANGUAGE']);
$result->rows[] = array('LAN_ID' => $lang['LOCALE'], 'LAN_NAME' => $lang['LANGUAGE']);
}
print (G::json_encode( $result )) ;
print (G::json_encode($result));
break;
case 'build':
$sqlToExe = Array ();
G::LoadClass( 'configuration' );
$sqlToExe = array();
G::LoadClass('configuration');
$conf = new Configurations();
//DEPRECATED $lang = $_POST['lang'];
@@ -237,57 +236,57 @@ switch ($request) {
try {
//setup the appcacheview object, and the path for the sql files
$appCache = new AppCacheView();
$appCache->setPathToAppCacheFiles( PATH_METHODS . 'setup' . PATH_SEP . 'setupSchemas' . PATH_SEP );
$appCache->setPathToAppCacheFiles(PATH_METHODS . 'setup' . PATH_SEP . 'setupSchemas' . PATH_SEP);
//Update APP_DELEGATION.DEL_LAST_INDEX data
$res = $appCache->updateAppDelegationDelLastIndex($lang, true);
//$result->info[] = array("name" => "update APP_DELEGATION.DEL_LAST_INDEX", "value" => $res);
//APP_DELEGATION INSERT
$res = $appCache->triggerAppDelegationInsert( $lang, true );
$res = $appCache->triggerAppDelegationInsert($lang, true);
//$result->info[] = array ('name' => 'Trigger APP_DELEGATION INSERT', 'value'=> $res);
//APP_DELEGATION Update
$res = $appCache->triggerAppDelegationUpdate( $lang, true );
$res = $appCache->triggerAppDelegationUpdate($lang, true);
//$result->info[] = array ('name' => 'Trigger APP_DELEGATION UPDATE', 'value'=> $res);
//APPLICATION UPDATE
$res = $appCache->triggerApplicationUpdate( $lang, true );
$res = $appCache->triggerApplicationUpdate($lang, true);
//$result->info[] = array ('name' => 'Trigger APPLICATION UPDATE', 'value'=> $res);
//APPLICATION DELETE
$res = $appCache->triggerApplicationDelete( $lang, true );
$res = $appCache->triggerApplicationDelete($lang, true);
//$result->info[] = array ('name' => 'Trigger APPLICATION DELETE', 'value'=> $res);
//SUB_APPLICATION INSERT
$res = $appCache->triggerSubApplicationInsert($lang, false);
//CONTENT UPDATE
$res = $appCache->triggerContentUpdate( $lang, true );
$res = $appCache->triggerContentUpdate($lang, true);
//$result->info[] = array("name" => "Trigger CONTENT UPDATE", "value" => $res);
//build using the method in AppCacheView Class
$res = $appCache->fillAppCacheView( $lang );
$res = $appCache->fillAppCacheView($lang);
//$result->info[] = array ('name' => 'build APP_CACHE_VIEW', 'value'=> $res);
//set status in config table
$confParams = Array ('LANG' => $lang,'STATUS' => 'active');
$confParams = array('LANG' => $lang, 'STATUS' => 'active');
$conf->aConfig = $confParams;
$conf->saveConfig( 'APP_CACHE_VIEW_ENGINE', '', '', '' );
$conf->saveConfig('APP_CACHE_VIEW_ENGINE', '', '', '');
$result = new StdClass();
$result->success = true;
$result->msg = G::LoadTranslation('ID_TITLE_COMPLETED');
G::auditLog("BuildCache");
echo G::json_encode( $result );
echo G::json_encode($result);
} catch (Exception $e) {
$confParams = Array ('lang' => $lang,'status' => 'failed');
$appCacheViewEngine = $oServerConf->setProperty( 'APP_CACHE_VIEW_ENGINE', $confParams );
$confParams = array('lang' => $lang, 'status' => 'failed');
$appCacheViewEngine = $oServerConf->setProperty('APP_CACHE_VIEW_ENGINE', $confParams);
echo '{success: false, msg:"' . $e->getMessage() . '"}';
}
@@ -296,37 +295,48 @@ switch ($request) {
$user = $_POST['user'];
$passwd = $_POST['password'];
$server = $_POST['host'];
$code = $_POST['codeCaptcha'];
$aServer = split(":", $server);
$serverName = $aServer[0];
$port = (count($aServer)>1) ? $aServer[1] : "none";
$port = (count($aServer) > 1) ? $aServer[1] : "none";
if ($code !== $_SESSION['securimage_code_disp']['default']) {
echo G::loadTranslation('ID_CAPTCHA_CODE_INCORRECT');
break;
}
list($sucess, $msgErr) = testConnection(DB_ADAPTER, $serverName, $user, $passwd, $port);
if ($sucess) {
$sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$h = G::encrypt( $_POST['host'] . $sh . $_POST['user'] . $sh . $_POST['password'] . $sh . (1), $sh );
$sh = G::encryptOld(filemtime(PATH_GULLIVER . "/class.g.php"));
$h = G::encrypt($_POST['host'] . $sh . $_POST['user'] . $sh . $_POST['password'] . $sh . (1), $sh);
$insertStatements = "define ( 'HASH_INSTALLATION','{$h}' ); \ndefine ( 'SYSTEM_HASH', '{$sh}' ); \n";
$lines = array ();
$lines = array();
$content = '';
$filename = PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths_installed.php';
$lines = file( $filename );
$lines = file($filename);
$count = 1;
foreach ($lines as $line_num => $line) {
$pos = strpos( $line, "define" );
$pos = strpos($line, "define");
if ($pos !== false && $count < 3) {
$content = $content . $line;
$count ++;
$count++;
}
}
$content = "<?php \n" . $content . "\n" . $insertStatements . "\n";
if (file_put_contents( $filename, $content ) != false) {
echo G::loadTranslation( 'ID_MESSAGE_ROOT_CHANGE_SUCESS' );
if (file_put_contents($filename, $content) != false) {
echo G::loadTranslation('ID_MESSAGE_ROOT_CHANGE_SUCESS');
} else {
echo G::loadTranslation( 'ID_MESSAGE_ROOT_CHANGE_FAILURE' );
echo G::loadTranslation('ID_MESSAGE_ROOT_CHANGE_FAILURE');
}
} else {
echo $msgErr;
}
break;
case 'captcha':
require_once PATH_TRUNK . 'vendor/dapphp/securimage/securimage.php';
$img = new Securimage();
$img->show();
break;
}
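Review bot: The captcha guard `if ($code !== $_SESSION['securimage_code_disp']['default'])` compares against the session value directly instead of calling the library's `check()`, so the stored code is never discarded after a comparison and one solved challenge stays valid for any number of further `recreate-root` requests, which leaves most of the brute-force window this commit targets open. The same line also passes when both operands are unset (no `codeCaptcha` field and no captcha issued in the session yet both read as null), so the guard should reject an empty or non-string code before comparing. Suggested replacement for the check: `require_once PATH_TRUNK . 'vendor/dapphp/securimage/securimage.php';`, `$img = new Securimage();` and `if (!is_string($code) || $code === '' || !$img->check($code)) {` — `Securimage::check()` compares once and then clears the stored code, so each attempt needs a fresh challenge. The `case` this code belongs to begins before the hunk, and the error-path `echo` and `break` that follow are unchanged.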


@@ -3,7 +3,6 @@ Ext.onReady(function() {
Ext.QuickTips.init();
// turn on validation errors beside the field globally
Ext.form.Field.prototype.msgTarget = 'side';
var bd = Ext.getBody();
// Store
var store = new Ext.data.Store( {
@@ -109,17 +108,73 @@ Ext.onReady(function() {
disabled: false,
hidden: false,
value: ''
}
};
fieldsetRoot = {
var txtCode = {
allowBlank: false,
disabled: false,
fieldLabel: _('ID_CAPTCHA_INPUT_CODE'),// Security Code
id : 'txtCode',
name: 'code',
xtype : 'textfield'
};
var onCaptchaChange = function () {
Ext.get('cacheViewAjax').dom.src = 'appCacheViewAjax?request=captcha&t=' + Math.random();
};
var refreshBtn = new Ext.Button({
columnWidth: 0.1,
iconCls:'x-tbar-loading',
scale:'small',
handler : function() {
Ext.get('cacheViewAjax').dom.src = 'appCacheViewAjax?request=captcha&t=' + Math.random();
}
});
var boxCaptcha = new Ext.BoxComponent({
columnWidth: 0.9,
autoEl: {
tag:'img',
id: 'cacheViewAjax',
title : _('ID_CAPTCHA_REFRESH_CODE'), //Click to refresh code
src:'appCacheViewAjax?request=captcha&t=' + Math.random()
}
});
boxCaptcha.on('render',function (){
var curr = Ext.get('cacheViewAjax');
curr.on('click',onCaptchaChange,this);
},this);
var captcha = {
xtype:'fieldset',
hideLabels: true,
labelWidth: 0,
width: 350,
layout:'column',
border:false,
items:[
boxCaptcha,
refreshBtn
]
};
var fieldsetRoot = {
xtype : 'fieldset',
title : _('ID_CACHE_SUBTITLE_SETUP_DB'), // 'Setup MySql Root Password',
collapsible : true,
collapsed: true,
autoHeight : true,
defaults : { width : 170 },
defaults : { width : 200 },
defaultType : 'textfield',
items : [txtHost, txtUser, txtPasswd ],
items : [
txtHost,
txtUser,
txtPasswd,
captcha,
txtCode
],
buttons : [{
text : _('ID_CACHE_BTN_SETUP_PASSWRD'), // 'Setup Password',
handler : function() {
@@ -139,14 +194,14 @@ Ext.onReady(function() {
Ext.Msg.hide();
Ext.Msg.alert ( _('ID_ERROR'), response.responseText );
},
params: { request: 'recreate-root', lang: 'en', host: Ext.getCmp('txtHost').getValue(), user: Ext.getCmp('txtUser').getValue(), password: Ext.getCmp('txtPasswd').getValue() },
params: { request: 'recreate-root', lang: 'en', host: Ext.getCmp('txtHost').getValue(), user: Ext.getCmp('txtUser').getValue(), password: Ext.getCmp('txtPasswd').getValue(), codeCaptcha: Ext.getCmp('txtCode').getValue() },
// timeout : 1000
// 30 mins
timeout : 1000*60*30 //30 mins
});
}
}]
}
};
fsf.add(fieldsetRoot);
fsf.render(document.getElementById('main-panel'));
@@ -155,7 +210,7 @@ Ext.onReady(function() {
Ext.Ajax.request({
url: 'appCacheViewAjax',
success: function(response) {
myData = Ext.decode ( response.responseText );
var myData = Ext.decode ( response.responseText );
store.loadData(myData);
if ( myData.error ) {
Warning( _('ID_ERROR'), myData.errorMsg );
@@ -170,9 +225,10 @@ Ext.onReady(function() {
}); //ExtReady
var Warning = function( msgTitle, msgError ) {
tplEl = Ext.get ('errorMsg');
var tplEl = Ext.get ('errorMsg');
tplText = '<div style="font-size:12px; border: 1px solid #FF0000; background-color:#FFAAAA; display:block; padding:10px; color:#404000;"><b>' + msgTitle + ': </b>' + msgError + '</div>';
var tplText = '<div style="font-size:12px; border: 1px solid #FF0000; background-color:#FFAAAA; display:block;' +
' padding:10px; color:#404000;"><b>' + msgTitle + ': </b>' + msgError + '</div>';
tplEl.update ( tplText );
}
};
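Review bot: `refreshBtn`'s `handler` re-implements the image reload that `onCaptchaChange` defines immediately above it, so the captcha URL and its cache-buster are now maintained in two places; `handler: onCaptchaChange` removes the duplicate. Neither the failure handler in the `recreate-root` request hunk nor the visible parts of the submit path request a new challenge after a response, so the old image stays until the user clicks it; calling `onCaptchaChange()` and clearing `Ext.getCmp('txtCode')` in the response handlers would keep one challenge per attempt on the client side as well. The success branch of that request is outside the hunk, so whether it already does this cannot be confirmed here.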