search

nilsonLazarin / WeGIA

WeGIA: Web gerenciador para instituições assistenciais
Other
5 stars 6 forks source link

Análise de vulnerabilidade do arquivo html/cadastro_produto.php #137

Open joaopontes22 opened 6 months ago

joaopontes22 commented 6 months ago

Vulnerability Analysis

  1. Possível injecção de SQL: o código pode sofrer um ataque de injeção de SQL na linha:
$resultado = mysqli_query($conexao, "SELECT * FROM funcionario WHERE id_pessoa=$id_pessoa");

Para corrigir a vulnerabilidade por injeção de SQL, você pode usar consultas preparadas do MySQLi. Aqui está um exemplo de como modificar o código para evitar esse problema:

$stmt = $conexao->prepare("SELECT * FROM funcionario WHERE id_pessoa= ?");
$stmt->bind_param("i", $id_pessoa);
$stmt->execute();
$resultado = $stmt->get_result();

  1. Falta de validação de entrada: as entradas do usuário não estão sendo validadas antes de serem usadas em consultas SQL, o que pode criar um problema de segurança. Sem a validação adequada, os usuários podem manipular os dados para explorar vulnerabilidades.

  2. Mensagens de erro reveladoras: as mensagens de erro reveladoras podem dar aos invasores informações úteis sobre o sistema, como detalhes internos da aplicação ou estrutura do banco de dados. É importante fornecer mensagens genéricas para os usuários e registrar detalhes completos de erros em logs seguros.

  3. Possibilidade de XSS (Cross-Site Scripting): Entradas do usuário não estão sendo adequadamente validadas ou sanitizadas antes de serem exibidas na página, o que pode levar a vulnerabilidades de XSS. Certifique-se de sanitizar todas as entradas do usuário antes de exibi-las.

  4. Redirecionamento não seguro: As funções de redirecionamento devem ser cuidadosamente implementadas para evitar vulnerabilidades como ataques de redirecionamento aberto. É importante validar a entrada do usuário antes de redirecionar.

Certifique-se de corrigir essas vulnerabilidades para garantir a segurança do seu aplicativo.

joaopontes22 commented 4 months ago

[Thu Jul 18 15:14:15.161793 2024] [security2:error] [pid 600:tid 600] [client 177.107.231.54:62258] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/cadastro_produto.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxR1HsY5o8URkhNoVsnAAAAAo"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php [Thu Jul 18 15:14:15.161922 2024] [security2:error] [pid 600:tid 600] [client 177.107.231.54:62258] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/cadastro_produto.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxR1HsY5o8URkhNoVsnAAAAAo"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php [Thu Jul 18 15:14:15.165345 2024] [security2:error] [pid 600:tid 600] [client 177.107.231.54:62258] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxR1HsY5o8URkhNoVsnAAAAAo"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php [Thu Jul 18 15:14:15.165706 2024] [security2:error] [pid 600:tid 600] [client 177.107.231.54:62258] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxR1HsY5o8URkhNoVsnAAAAAo"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php

joaopontes22 commented 4 months ago

--f1c28307-A-- [18/Jul/2024:15:14:32.551483 +0000] ZpkxWMABqX7_VLZSCQXBTQAAAAQ 177.107.231.54 62267 10.0.0.80 443 --f1c28307-B-- GET /WeGIA//controle/control.php?metodo=listarTodos&nomeClasse=UnidadeControle&nextPage=../html/cadastro_produto.php HTTP/1.1 Host: comfirewall.wegia.org:8000 Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php Accept-Encoding: gzip, deflate, br, zstd Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=l3qtr41r306gqi2kksvkbcj7bj; _ga_F8DXBXLV8J=GS1.1.1721314557.29.1.1721315628.31.0.0 ‌ --f1c28307-F-- HTTP/1.1 403 Forbidden Content-Length: 288 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 ‌ --f1c28307-E-- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden

You don't have permission to access this resource.

Apache/2.4.61 (Debian) Server at comfirewall.wegia.org Port 8000

‌ --f1c28307-H-- Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/cadastro_produto.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/cadastro_produto.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/cadastro_produto.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxWMABqX7_VLZSCQXBTQAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/cadastro_produto.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxWMABqX7_VLZSCQXBTQAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxWMABqX7_VLZSCQXBTQAAAAQ"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkxWMABqX7_VLZSCQXBTQAAAAQ"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-php Stopwatch: 1721315672544532 7820 (- - -) Stopwatch2: 1721315672544532 7820; combined=6111, p1=922, p2=4889, p3=0, p4=0, p5=300, sr=214, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4. Server: Apache/2.4.61 (Debian) Engine-Mode: "ENABLED" ‌ --f1c28307-Z-- ‌