Deeds101 / CYBR8420-project


Code Review #6 #40

Open Atmcalpine opened 7 months ago

Atmcalpine commented 7 months ago

Code review for the following files:

kdherrm88 commented 7 months ago

Functions.php

The file is missing the HttpOnly and Secure attributes for setcookie (set to false by default) in two separate places – lines 319 and 321. This flag should be set to true to protect the created cookie from any possible malicious code creation/usage, or possible Man-in-the-Middle attacks from the client side.

CWE 1004 CWE 614

portal/login_reset.php

This file has potential SQL Injection and Cross-Site Scripting vulnerabilities. The SQL Injection vulnerability is caused by a failure to sanitize input from HTTP parameter flows into mysqli_query in lines 56, 67, 91, 115, 126, 149-150, and 208. The Cross-Site Scripting vulnerability is also caused by the failure to sanitize input from HTTP parameter flows into an echo statement which is used to render an HTML page, and then returned to the user in lines 223-224.

CWE 89 CWE 79

kdherrm88 commented 7 months ago

Update after re-scan, the Cross-Site Scripting vulnerability for portal/login_reset.php seems to be a false positive as the variable $token is sanitized earlier in the file. Functions.php remains the same.

post/ticket.php

This file contains a potential Open Redirect vulnerability caused by the failure to properly sanitize input from HTTP header flows into header, which is used as a URL redirect for the user. Lines 163, 182, 202, 222, 252, 272, 292, 311, 351, 373, 414, 448, 586, 607, 625, 642, 655, 663, 679, 702, 783, 953, 981, 1007, 1036.

CWE 601

kdherrm88 commented 7 months ago

Functions.php

This file is noted as having the following vulnerabilities:

• Sensitive Cookie in HTTPS Session Without ‘Secure’ and ‘HTTPOnly’ Attributes
  o This vulnerability occurs in lines 319 and 321 due to “setcookie” missing the HttpOnly and Secure attributes (which are set to false by default). This flag should be set to true to protect the created cookie from any possible malicious code creation/usage, or possible Man-in-the-Middle attacks from the client side.
  o CWE 1004
  o CWE 614

Post/ticket.php

This file is noted as having the following vulnerabilities:

• Open Redirect
  o This vulnerability occurs in multiple lines (163, 182, 202, 222, 252, 272, 292, 311, 351, 373, 414, 448, 586, 607, 625, 642, 655, 663, 679, 702, 783, 953, 981, 1007, 1036) and is due to the failure to properly sanitize input from HTTP header flows into “header” where this flow is used as a URL redirect directly to the user. This URL should be a fixed URL or should be validated prior to passing it on to the user.
  o CWE 601
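For reference, hardened versions of the three patterns flagged in this thread (setcookie without Secure/HttpOnly, unparameterised mysqli_query, and a request-controlled Location header). This is an added illustration, not code from CYBR8420-project; the function names, the users/reset_token table and columns, and the allow-listed paths are assumptions.

```php
<?php
// Added example, not code from CYBR8420-project: hardened versions of the
// three patterns flagged above. Function, table and path names are assumed.
declare(strict_types=1);

// setcookie finding (CWE 1004 / CWE 614): use the options array (PHP >= 7.3)
// so Secure and HttpOnly are set explicitly instead of defaulting to false.
function issue_cookie(string $name, string $value, int $ttl): bool
{
    return setcookie($name, $value, [
        'expires'  => time() + $ttl,
        'path'     => '/',
        'secure'   => true,     // sent only over HTTPS
        'httponly' => true,     // not exposed to JavaScript
        'samesite' => 'Strict',
    ]);
}

// SQL injection finding (CWE 89): bind the parameter instead of concatenating
// it into the query string passed to mysqli_query.
function find_user_by_token(mysqli $db, string $token): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE reset_token = ?');
    $stmt->bind_param('s', $token);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Open redirect finding (CWE 601): only an allow-listed local path is placed
// in the Location header; anything else falls back to a fixed default.
const ALLOWED_PATHS = ['/post/index.php', '/post/ticket.php'];

function safe_redirect_target(?string $requested, string $default = '/post/index.php'): string
{
    if ($requested === null || preg_match('#^[a-z][a-z0-9+.-]*:|^//|[\r\n]#i', $requested)) {
        return $default;   // absolute / protocol-relative URL, or header injection
    }
    $path = parse_url($requested, PHP_URL_PATH);
    return is_string($path) && in_array($path, ALLOWED_PATHS, true) ? $requested : $default;
}

// Usage at the redirect sites: the raw request value never reaches header().
header('Location: ' . safe_redirect_target($_GET['return'] ?? null));
exit;
```

mysqli_stmt::get_result() requires the mysqlnd driver; with another driver, use bind_result()/fetch() instead.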