Missing validation when checking domain settings

Raikia / FiercePhish

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

https://github.com/Raikia/FiercePhish/wiki

GNU General Public License v3.0

1.29k stars 253 forks source link

Missing validation when checking domain settings #66

Open digininja opened 6 years ago

digininja commented 6 years ago

On the "Check Email Settings" page ( /emails/check ), if you put in a value that isn't a domain name when checking the domain, the site redirects to the dashboard rather than staying on the page and giving an error.

Raikia commented 6 years ago

Yeah, that's due to silly error handling here: https://github.com/Raikia/FiercePhish/blob/master/resources/views/emails/check_settings.blade.php#L177

This won't exist in v2.0 so it will disappear then. Thanks for the report!