cerebrate-project / cerebrate

Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
https://www.cerebrate-project.org/
GNU Affero General Public License v3.0

Potential High Importance - Cerebrate crash, locked out on the error code, possibly affecting other users #152

Open skiddie0057 opened 1 year ago

skiddie0057 commented 1 year ago

Dear Cerebrate team

As I was testing Cerebrate, I noticed that the application drops a 500 (internal server error) status code when editing bookmark info, so I went poking around.

All I had to do is set my ui.bookmarks value to [][] and it crashed the whole service and I cannot log back in. I assume this isn't the case for other users? In case it is, this is important to fix as soon as possible.

Here is the description of the bug: When editing my bookmark value through Burp Suite (modifying the request), putting the value from [] (which seems to be default) to [][] causes an error that cannot be bypassed by logging back in.

------WebKitFormBoundary95s3y2rpKQ9XevLE
Content-Disposition: form-data; name="user_id"

87 -> my user ID. There is an issue here too: by default the user id is 0 or 1, meaning the wrong user id. I changed this to myself manually and it fixed the problems with modification issues (another thing you should fix, it should be an easy fix). However, then this issue happened, below.

------WebKitFormBoundary95s3y2rpKQ9XevLE
Content-Disposition: form-data; name="name"

ui.bookmarks

------WebKitFormBoundary95s3y2rpKQ9XevLE
Content-Disposition: form-data; name="value"

[][] -> causes the crash `array_map(): Argument #2 ($array) must be of type array, null given`. Fix? Easy. Just change it back to [] or whatever the default value is; it should be [].


Please set the value of my bookmark to a default one to fix the issue. If the issue affected other users too - this should be an urgent fix.

Kindest regards,

F.O.
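
Added example, not part of the issue thread and not Cerebrate's own code: in PHP, `json_decode('[][]', true)` returns `null`, which is one way a malformed setting can end up as argument #2 of `array_map()`. The sketch below validates the value before it is saved and falls back to the default when a stored value is already bad. It assumes the setting is kept as a JSON-encoded list that is decoded before use; the function names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not Cerebrate's code. Assumption: ui.bookmarks is
// stored as a JSON-encoded list whose entries decode to arrays.
const DEFAULT_BOOKMARKS = '[]';

/** Return the decoded list, or null when the value is not a JSON list of arrays. */
function decodeBookmarks(string $raw): ?array
{
    // json_decode() returns null (no exception) for malformed input such as "[][]".
    $decoded = json_decode($raw, true);
    // Reject scalars, null, and JSON objects with named keys (non-sequential arrays).
    if (!is_array($decoded) || $decoded !== array_values($decoded)) {
        return null;
    }
    foreach ($decoded as $entry) {
        if (!is_array($entry)) {
            return null;
        }
    }
    return $decoded;
}

/** Write path: refuse a bad value so it is never persisted. */
function validateBookmarksForSave(string $submitted): string
{
    $decoded = decodeBookmarks($submitted);
    if ($decoded === null) {
        throw new InvalidArgumentException('ui.bookmarks must be a JSON list');
    }
    return json_encode($decoded, JSON_THROW_ON_ERROR);
}

/** Read path: a bad stored value yields the default instead of reaching array_map(). */
function loadBookmarks(string $stored): array
{
    return decodeBookmarks($stored) ?? json_decode(DEFAULT_BOOKMARKS, true);
}

// Constructed sample values, including the one from the report.
$samples = ['[]', '[][]', '[{"name":"x","url":"https://example.org"}]', '"str"'];
foreach ($samples as $value) {
    try {
        printf("%-45s saved as %s\n", $value, validateBookmarksForSave($value));
    } catch (InvalidArgumentException $e) {
        printf("%-45s rejected; load gives %s\n", $value, json_encode(loadBookmarks($value)));
    }
}
```

Validating on write stops new bad values; the fallback on read is what lets an account that already holds a bad value log in again.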

iglocska commented 1 year ago

Yeah, that definitely sounds like a bug, on multiple fronts: