Análise de vulnerabilidade do arquivo html/saude/administrar_medicamento.php

[joaopontes22]

Vulnerability Analysis A vulnerabilidade presente no código é a falta de tratamento adequado para verificar se o resultado da consulta retornada pela função mysqli_query é um resource ou uma variável nula.

Em diversos pontos do código, a verificação !is_null($resultado) é utilizada para verificar se o resultado da consulta é nulo ou não. No entanto, a função mysqli_query retorna um objeto mysqli_result, que é um tipo de resource, mesmo que a consulta não tenha retornado nenhum resultado. Portanto, a verificação correta para verificar se a consulta retornou algum resultado é utilizando mysqli_num_rows($resultado).

Além disso, o código está sujeito a ataques de Injeção de SQL, pois está inserindo diretamente o valor da variável $id_pessoa na consulta SQL sem nenhum tipo de validação ou sanitização. Recomenda-se o uso de prepared statements para evitar esse tipo de vulnerabilidade.

Por fim, há a possibilidade de uma vulnerabilidade de Inclusão de Arquivos, já que o código inclui o arquivo especificado na variável $config_path sem realizar uma verificação adequada do conteúdo do arquivo. Caso um usuário malicioso consiga modificar o arquivo config.php, pode incluir um arquivo malicioso, comprometendo a segurança do sistema. Recomenda-se, nesse caso, validar o conteúdo do arquivo antes de incluí-lo no código.

[joaopontes22]

[Fri Jul 19 17:30:00.980193 2024] [php:warn] [pid 429:tid 429] [client 177.107.231.54:58987] PHP Warning: Undefined array key "saude" in /var/www/html/WeGIA/html/saude/administrar_medicamento.php on line 126, referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php [Fri Jul 19 17:30:01.011324 2024] [security2:error] [pid 429:tid 429] [client 177.107.231.54:58987] [client 177.107.231.54] ModSecurity: Warning. Matched phrase " on line " at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "46"] [id "953100"] [msg "PHP Information Leakage"] [data "Matched Data: on line found within RESPONSE_BODY: \x0a\x0a<!doctype html>\x0a\x0a\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x09<link rel=\x22stylesheet\x22 href=\x22../../assets/vendor/bootstrap/css/..."] [severity "ERROR"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116"] [tag "PCI/6.5.6"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/administrar_medicamento.php"] [unique_id "ZpqimPdZO4RcenS-SIkjWgAAAAI"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php [Fri Jul 19 17:30:01.013939 2024] [security2:error] [pid 429:tid 429] [client 177.107.231.54:58987] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 4). Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "77"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [ver "OWASP_CRS/3.3.4"] [tag "anomaly-evaluation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/administrar_medicamento.php"] [unique_id "ZpqimPdZO4RcenS-SIkjWgAAAAI"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php [Fri Jul 19 17:30:01.014337 2024] [security2:error] [pid 429:tid 429] [client 177.107.231.54:58987] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/administrar_medicamento.php"] [unique_id "ZpqimPdZO4RcenS-SIkjWgAAAAI"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php

[joaopontes22]

--31191c5a-A-- [19/Jul/2024:17:30:40.555760 +0000] ZpqiwDAtFU1e9LoIKADuDwAAAAE 177.107.231.54 59024 10.0.0.80 443 --31191c5a-B-- GET /WeGIA/html/saude/administrar_medicamento.php HTTP/1.1 Host: comfirewall.wegia.org:8000 Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://comfirewall.wegia.org:8000/WeGIA/html/saude/cadastro_ficha_medica.php Accept-Encoding: gzip, deflate, br, zstd Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=njv6u6eini57n61ik14rkqa5js; _ga_F8DXBXLV8J=GS1.1.1721409912.30.1.1721410190.60.0.0 ‌ --31191c5a-F-- HTTP/1.1 403 Forbidden Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ‌ --31191c5a-E-- ‌ ‌ <!doctype html>

‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

‌

Administrar medicamento

‌

2. Administrar medicamento

‌

‌ ‌

‌

Pacientes

‌

Nome	Ação

‌ ‌

‌ ‌ --31191c5a-H-- Message: Warning. Matched phrase " on line " at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "46"] [id "953100"] [msg "PHP Information Leakage"] [data "Matched Data: on line found within RESPONSE_BODY: \x0a\x0a<!doctype html>\x0a\x0a\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x0a\x09\x0a\x09\x0a\x0a\x09\x0a\x09<link rel=\x22stylesheet\x22 href=\x22../../assets/vendor/bootstrap/css/..."] [severity "ERROR"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116"] [tag "PCI/6.5.6"] Message: Access denied with code 403 (phase 4). Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "77"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [ver "OWASP_CRS/3.3.4"] [tag "anomaly-evaluation"] Message: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] Apache-Error: [file "./sapi/apache2handler/sapi_apache2.c"] [line 358] [level 4] PHP Warning: Undefined array key "saude" in /var/www/html/WeGIA/html/saude/administrar_medicamento.php on line 126 Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Matched phrase " on line " at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "46"] [id "953100"] [msg "PHP Information Leakage"] [data "Matched Data: on line found within RESPONSE_BODY: \\x0a\\x0a<!doctype html>\\x0a\\x0a\\x0a\\x0a\\x09\\x0a\\x09\\x0a\\x0a\\x09\\x0a\\x0a\\x09\\x0a\\x09\\x0a\\x0a\\x09\\x0a\\x09<link rel=\\x22stylesheet\\x22 href=\\x22../../assets/vendor/bootstrap/css/..."] [severity "ERROR"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116"] [tag "PCI/6.5.6"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/administrar_medicamento.php"] [unique_id "ZpqiwDAtFU1e9LoIKADuDwAAAAE"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 4). Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "77"] [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [ver "OWASP_CRS/3.3.4"] [tag "anomaly-evaluation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/administrar_medicamento.php"] [unique_id "ZpqiwDAtFU1e9LoIKADuDwAAAAE"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "103"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/html/saude/administrar_medicamento.php"] [unique_id "ZpqiwDAtFU1e9LoIKADuDwAAAAE"] Action: Intercepted (phase 4) Apache-Handler: application/x-httpd-php Stopwatch: 1721410240512554 50861 (- - -) Stopwatch2: 1721410240512554 50861; combined=37499, p1=841, p2=2687, p3=89, p4=33649, p5=233, sr=168, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4. Server: Apache/2.4.61 (Debian) Engine-Mode: "ENABLED" ‌ --31191c5a-Z-- ‌

[FlameOff]

Parada do Firewall