olehj / disklocation

Disk Location is a plugin for Unraid.
https://forums.unraid.net/topic/77302-plugin-disk-location
GNU General Public License v3.0

I found some security issues #171

Closed OmgImAlexis closed 2 years ago

OmgImAlexis commented 2 years ago

Hi,

What's your process for reporting security sensitive issues?

olehj commented 2 years ago

Just post it here, hopefully no one runs Unraid directly connected to the internet. No point in hiding stuff.

OmgImAlexis commented 2 years ago

None of the $_GET values are escaped/sanitized, leading to code injection.

https://github.com/olehj/disklocation/blob/master/disklocation/pages/script/locate_script_top.js.php#L55

http://tower.local/plugins/disklocation/pages/script/locate_script_top.js.php?v=1629174602&path=%27);%20alert(1);%20//

OmgImAlexis commented 2 years ago

SQL injection: https://github.com/olehj/disklocation/blob/master/disklocation/pages/system.php#L695-L697

OmgImAlexis commented 2 years ago

Actually that file has the same type of SQL issue in a few other places too: https://github.com/olehj/disklocation/blob/6aa5e7a73675f4b112362621fca0eacd297e9a67/disklocation/pages/system.php#L721-L726
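The two bug classes reported in this thread, shown side by side with their fixes. This is an added example written for this page; it is not code from the disklocation repository and does not reproduce the exact lines linked above. The function names, the `path` and `serial` parameters, the `disks` table and the in-memory SQLite database (via PDO, which assumes the `pdo_sqlite` extension) are assumptions for illustration. The JavaScript payload is the one from the report URL: close the string literal, run code, comment out the remainder of the line.

```php
<?php
// Added example, not the plugin's own code. Reconstructs, in generic form, the
// two injection patterns reported above (a $_GET value echoed into a generated
// .js file, and a $_GET value concatenated into SQL) next to hardened versions.
// Function names, parameter names and the schema are illustrative assumptions.

// --- 1. Untrusted value interpolated into a generated JavaScript file ---

// Vulnerable pattern: the value is dropped into a JS string literal verbatim,
// so a quote in the value ends the literal and whatever follows runs as code.
function js_snippet_vulnerable(string $path): string
{
    return "loadPath('" . $path . "');\n";
}

// Hardened pattern: json_encode() emits a valid JS string literal and escapes
// quotes, backslashes, control characters and (with these flags) < > & ' ",
// so the value cannot leave the literal regardless of what the client sends.
function js_snippet_safe(string $path): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return "loadPath(" . json_encode($path, $flags) . ");\n";
}

// --- 2. Untrusted value concatenated into an SQL statement ---

// Vulnerable pattern: string concatenation lets a quote in the value change
// the structure of the query instead of just the compared value.
function lookup_vulnerable(PDO $db, string $serial): array
{
    $sql = "SELECT serial, slot FROM disks WHERE serial = '" . $serial . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: a prepared statement ships the value separately from the
// SQL text, so the database always treats it as data, never as syntax.
function lookup_safe(PDO $db, string $serial): array
{
    $stmt = $db->prepare("SELECT serial, slot FROM disks WHERE serial = :serial");
    $stmt->execute([':serial' => $serial]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database standing in for a plugin's SQLite file.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE disks (serial TEXT, slot INTEGER)");
$db->exec("INSERT INTO disks VALUES ('WD-AAA111', 1), ('WD-BBB222', 2)");

// Payload shape from the report: close the literal, add code, comment out the tail.
$jsPayload = "'); alert(1); //";
echo "vulnerable JS: " . js_snippet_vulnerable($jsPayload);
echo "hardened JS:   " . js_snippet_safe($jsPayload);

// Classic tautology payload: turns an exact-match lookup into "every row".
$sqlPayload = "x' OR '1'='1";
echo "vulnerable SQL rows: " . count(lookup_vulnerable($db, $sqlPayload)) . "\n";
echo "hardened SQL rows:   " . count(lookup_safe($db, $sqlPayload)) . "\n";
```

Run with `php example.php`. The vulnerable JS line comes out as `loadPath(''); alert(1); //');`, i.e. the `alert(1)` is now a statement of its own, while the hardened line keeps the whole payload inside one quoted string. For the SQL half, the concatenated query becomes `WHERE serial = 'x' OR '1'='1'` and returns both constructed rows, whereas the prepared statement looks for a serial literally equal to `x' OR '1'='1` and returns none. The same two fixes apply to every `$_GET` use the thread points at: encode for the output context (JavaScript here) and bind SQL parameters instead of concatenating them.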