web based page is B0rked - Githubissues

gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup

http://gamelinux.org/

1.67k stars 372 forks source link

web based page is B0rked #87

Open xxdesmus opened 7 years ago

xxdesmus commented 7 years ago

Nginx nginx/1.11.7 with PHP-FPM PHP 7.0.8-0ubuntu0.16.04.3 (cli) ( NTS )

# Configure Start
$DATABASE = "XXXXXXX:3306";
$DBUSER   = "pdns";
$DBTABLE  = "pdns";
$DBPASSWD = "XXXXXXX";
$DBLIMIT  = 500;
# Configure End

the server where Nginx+PHP are running is able to talk to the database server:

nc -v -z XXXXXXX 3306
Connection to XXXXXXX 3306 port [tcp/mysql] succeeded!

I don't see any other error messages displayed (in the page source code, or console), but I just end up with "B0rked". Is there additional debugging I can enable or output to get a better idea of what is broken?

Thanks! PassiveDNS continues to work great otherwise!

gamelinux commented 7 years ago

"B0rked" comes from function sanitize($in), so the input does not match a domain, IPv4 or IPv6 ? The pcre checks are not great, so you might want to update them etc to fit you needs. You can try to return $qvar right after the start of the function?

Edit the php function to be:

function sanitize($in) { $qvar = strip_tags(addslashes(getVar($in))); return $qvar; }

xxdesmus commented 7 years ago

Thanks! I'll keep messing with this.