Análise de vulnerabilidade do arquivo html/saude/listar_historico_pacientes.php

[joaopontes22]

Vulnerability Analysis

Vulnerabilidades encontradas:

1. SQL Injection: O código contém uma falha de segurança ao utilizar a variável $id_pessoa diretamente na query SQL sem validar ou escapar os dados. Isso pode permitir que um usuário mal-intencionado injete código SQL malicioso, comprometendo a integridade do banco de dados.

2. Redirecionamento inseguro: O código realiza redirecionamentos de página através do uso da função header(), porém não há uma validação adequada das informações antes de redirecionar. Isso poderia permitir ataques de redirecionamento para páginas maliciosas, como phishing.

Como corrigir:

1. Prevenção contra SQL Injection: Utilize prepared statements ou funções como mysqli_real_escape_string() para escapar os parâmetros da query antes de executá-la.

Exemplo de como corrigir a query:

$id_pessoa = mysqli_real_escape_string($conexao, $_SESSION['id_pessoa']);
$resultado = mysqli_query($conexao, "SELECT * FROM funcionario WHERE id_pessoa=$id_pessoa");

2. Validação de Redirecionamento: Antes de redirecionar o usuário, verifique se a URL ou caminho para onde está sendo redirecionado é uma página válida e segura.

Exemplo de como corrigir o redirecionamento:

$msg = "Você não tem as permissões necessárias para essa página.";
header("Location: ../home.php?msg_c=$msg");

[joaopontes22]

[Fri Jul 19 17:31:19.282476 2024] [php:warn] [pid 430:tid 430] [client 177.107.231.54:59047] PHP Warning: Undefined array key "saude" in /var/www/html/WeGIA/html/saude/listar_historico_pacientes.php on line 127, referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php [Fri Jul 19 17:31:19.313604 2024] [security2:error] [pid 430:tid 430] [client 177.107.231.54:59047] [client 177.107.231.54] ModSecurity: Warning. Matched phrase " on line " at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "46"] [id "953100"] [msg "PHP Information Leakage"] [data "Matched Data: on line found within RESPONSE_BODY: \x0a\x0a<!doctype html>\x0a\x0a\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x09<link rel=\x22stylesheet\x22 href=\x22../../assets/vendor/bootstrap/css/..."] [severity "ERROR"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116"] [tag "PCI/6.5.6"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/listar_historico_pacientes.php"] [unique_id "Zpqi54ucN7_cfF0OdwYitwAAAAM"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php [Fri Jul 19 17:31:19.316270 2024] [security2:error] [pid 430:tid 430] [client 177.107.231.54:59047] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 4). Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "77"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [ver "OWASP_CRS/3.3.4"] [tag "anomaly-evaluation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/listar_historico_pacientes.php"] [unique_id "Zpqi54ucN7_cfF0OdwYitwAAAAM"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php [Fri Jul 19 17:31:19.316698 2024] [security2:error] [pid 430:tid 430] [client 177.107.231.54:59047] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/listar_historico_pacientes.php"] [unique_id "Zpqi54ucN7_cfF0OdwYitwAAAAM"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php

[joaopontes22]

--76a1494a-A-- [19/Jul/2024:17:31:28.658892 +0000] Zpqi8NgOtsp5PdsX73hLiAAAAAk 177.107.231.54 59051 10.0.0.80 443 --76a1494a-B-- GET /WeGIA/html/saude/listar_historico_pacientes.php HTTP/1.1 Host: comfirewall.wegia.org:8000 Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php Accept-Encoding: gzip, deflate, br, zstd Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=njv6u6eini57n61ik14rkqa5js; _ga_F8DXBXLV8J=GS1.1.1721409912.30.1.1721410248.2.0.0 ‌ --76a1494a-F-- HTTP/1.1 403 Forbidden Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ‌ --76a1494a-E-- ‌ ‌ <!doctype html>

‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

‌

Histórico dos pacientes

‌

2. Histórico dos pacientes

‌

‌ ‌

‌

Pacientes

‌

Nome	Ação

‌ ‌

‌ ‌ --76a1494a-H-- Message: Warning. Matched phrase " on line " at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "46"] [id "953100"] [msg "PHP Information Leakage"] [data "Matched Data: on line found within RESPONSE_BODY: \x0a\x0a<!doctype html>\x0a\x0a\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x09<link rel=\x22stylesheet\x22 href=\x22../../assets/vendor/bootstrap/css/..."] [severity "ERROR"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116"] [tag "PCI/6.5.6"] Message: Access denied with code 403 (phase 4). Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "77"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [ver "OWASP_CRS/3.3.4"] [tag "anomaly-evaluation"] Message: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 358] [level 4] PHP Warning: Undefined array key "saude" in /var/www/html/WeGIA/html/saude/listar_historico_pacientes.php on line 127 Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Matched phrase " on line " at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "46"] [id "953100"] [msg "PHP Information Leakage"] [data "Matched Data: on line found within RESPONSE_BODY: \\x0a\\x0a<!doctype html>\\x0a\\x0a\\x0a\\x0a\\x09\\x0a\\x09\\x0a\\x0a\\x09\\x0a\\x0a\\x09\\x0a\\x09\\x0a\\x0a\\x09\\x0a\\x09<link rel=\\x22stylesheet\\x22 href=\\x22../../assets/vendor/bootstrap/css/..."] [severity "ERROR"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116"] [tag "PCI/6.5.6"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/listar_historico_pacientes.php"] [unique_id "Zpqi8NgOtsp5PdsX73hLiAAAAAk"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 4). Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "77"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [ver "OWASP_CRS/3.3.4"] [tag "anomaly-evaluation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/listar_historico_pacientes.php"] [unique_id "Zpqi8NgOtsp5PdsX73hLiAAAAAk"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/listar_historico_pacientes.php"] [unique_id "Zpqi8NgOtsp5PdsX73hLiAAAAAk"] Action: Intercepted (phase 4) Apache-Handler: application/x-httpd-php Stopwatch: 1721410288615431 53564 (- - -) Stopwatch2: 1721410288615431 53564; combined=37506, p1=832, p2=2730, p3=129, p4=33570, p5=245, sr=157, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4. Server: Apache/2.4.61 (Debian) Engine-Mode: "ENABLED" ‌ --76a1494a-Z-- ‌