Hi!
anyone who calls ...
http://xxxx.com/graph_image.php?graphid=some_id&rraid=1
... directly has access to all graphs!
Does anyone have an idea how to fix this problem?
Greets
Chris
Security problem in graph_image.php!
Fixed!
Hi again,
After some testing (I'm not a coder!) the auth check is now working...
greets
chris
Code:
<?/*
+-------------------------------------------------------------------------+
| Copyright (C) 2002 Ian Berry |
| |
| This program is free software; you can redistribute it and/or |
| modify it under the terms of the GNU General Public License |
| as published by the Free Software Foundation; either version 2 |
| of the License, or (at your option) any later version. |
| |
| This program is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| GNU General Public License for more details. |
+-------------------------------------------------------------------------+
| cacti: the rrdtool frontend [php-auth, php-tree, php-form] |
+-------------------------------------------------------------------------+
| This code is currently maintained and debugged by Ian Berry, any |
| questions or comments regarding this code should be directed to: |
| - iberry@raxnet.net |
+-------------------------------------------------------------------------+
| - raXnet - http://www.raxnet.net/ |
+-------------------------------------------------------------------------+
*/?>
<?php
session_start();
include ("include/rrd_functions.php");
include ("include/database.php");
include ('include/config.php');
include ('include/functions.php');

header ("Cache-Control: no-cache, must-revalidate");
header ("Pragma: no-cache");
header("Content-type: image/png");

/* register_globals hands $graphid, $rraid, $graph_start etc. to us straight
   from the query string; cast the two ids before they are interpolated into SQL
   (added while editing this post, the posted version used them raw) */
$graphid = (int)$graphid;
$rraid = (int)$rraid;

/* the auth check: work out who the caller is and whether this graph is allowed
   for them before anything is read from rrd_graph */
if ($config["global_auth"]["value"] == "on") {
	$access_denied = false;
	/* the logged-in session user, or the configured guest user if there is none */
	$user_id = (int)GetCurrentUserID($HTTP_SESSION_VARS['user_id'], $config["guest_user"]["value"]);

	$sql_id_auth = mysql_query("select graphpolicy from auth_users where id=$user_id", $cnn_id);
	if (mysql_num_rows($sql_id_auth) == 0) {
		/* no session user and no guest account: nobody to authorise, so deny
		   (the posted version fell through here and served the graph) */
		$access_denied = true;
	}else{
		/* graphpolicy 1: allowed unless the graph is listed in auth_graph for this user
		   graphpolicy 2: denied unless the graph is listed in auth_graph for this user */
		$config["graph_policy"]["auth"] = mysql_result($sql_id_auth, 0, "graphpolicy");
		$sql_id = mysql_query("select userid from auth_graph where graphid=$graphid and userid=$user_id", $cnn_id);
		if ($config["graph_policy"]["auth"] == "1") {
			if (mysql_num_rows($sql_id) > 0) { $access_denied = true; }
		}elseif ($config["graph_policy"]["auth"] == "2") {
			if (mysql_num_rows($sql_id) == 0) { $access_denied = true; }
		}
	}

	if ($access_denied == true) {
		echo "ACCESS DENIED DUDE"; exit;
	}
}

/* the existence check stays after the auth check, so an unauthorised caller
   cannot use it to find out which ids exist */
$sql_id = mysql_query("select id from rrd_graph where id=$graphid",$cnn_id);
if (mysql_num_rows($sql_id) == 0) {
	print "<strong><font size=\"+1\" color=\"FF0000\">THIS GRAPH DOES NOT EXIST BUDDY</font></strong>"; exit;
}

/* optional overrides from the URL: start time, size and legend */
if ($graph_start != "") {
	$graph_data_array["use"] = true;
	$graph_data_array["graph_start"] = $graph_start;
	$graph_data_array["graph_height"] = $graph_height;
	$graph_data_array["graph_width"] = $graph_width;
}
if ($graph_nolegend != "") {
	$graph_data_array["graph_nolegend"] = $graph_nolegend;
}
$graph_data_array["print_source"] = $showsource;

print rrdtool_function_graph($graphid, $rraid, $graph_data_array);
?>
chris
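Added example, not cacti's code and not from anyone in this thread: a small Python model of the access decision the patched graph_image.php makes, run against constructed sample rows, so the cases a tester would try against the fixed script can be checked offline. It assumes graphpolicy 1 means "allowed unless the graph is listed in auth_graph" and 2 means "denied unless the graph is listed in auth_graph" (which is how the posted PHP treats mysql_num_rows), and it goes beyond the posted script in two places that are assumptions of this example: the graphid is validated as a plain integer before any lookup, and an unknown user or unknown policy value is denied rather than let through.

```python
# Added example (not cacti code): model of the access decision in the patched
# graph_image.php. Table layout, policy numbering and the handler signature are
# assumptions chosen to mirror the posted PHP; the sample rows are constructed.
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

ALLOW_BY_DEFAULT = 1   # auth_graph rows are deny exceptions (assumed meaning of graphpolicy 1)
DENY_BY_DEFAULT = 2    # auth_graph rows are allow exceptions (assumed meaning of graphpolicy 2)


@dataclass
class Db:
    """Stand-in for the three tables the PHP queries."""
    users: Dict[int, int]              # auth_users: id -> graphpolicy
    auth_graph: Set[Tuple[int, int]]   # auth_graph: (userid, graphid) exception rows
    graphs: Set[int]                   # rrd_graph: ids that exist


def parse_id(raw: Optional[str]) -> Optional[int]:
    """Accept only a plain non-negative integer; anything else is rejected before
    it could reach a query (the PHP interpolates $graphid straight into SQL)."""
    if raw is None or not raw.isdigit():
        return None
    return int(raw)


def current_user_id(session_user_id: Optional[int], guest_user_id: Optional[int]) -> Optional[int]:
    """Same precedence as GetCurrentUserID in the posted code: the session's user
    if there is one, otherwise the configured guest user (which may be absent)."""
    return session_user_id if session_user_id is not None else guest_user_id


def graph_image(db: Db, query: Dict[str, str], session_user_id: Optional[int],
                guest_user_id: Optional[int], global_auth: bool = True) -> Tuple[int, str]:
    """Return (http_status, body_kind) for one request to graph_image.php.

    Authorisation runs before the existence check, so an unauthenticated caller
    cannot use the 'graph does not exist' message to enumerate ids."""
    graph_id = parse_id(query.get("graphid"))
    if graph_id is None:
        return (400, "bad graphid")

    if global_auth:
        uid = current_user_id(session_user_id, guest_user_id)
        if uid is None or uid not in db.users:
            return (403, "access denied")      # no session and no guest account
        policy = db.users[uid]
        exception = (uid, graph_id) in db.auth_graph
        if policy == ALLOW_BY_DEFAULT and exception:
            return (403, "access denied")
        if policy == DENY_BY_DEFAULT and not exception:
            return (403, "access denied")
        if policy not in (ALLOW_BY_DEFAULT, DENY_BY_DEFAULT):
            return (403, "access denied")      # unknown policy: fail closed (the PHP falls open)

    if graph_id not in db.graphs:
        return (404, "graph does not exist")
    return (200, "image/png")


# Constructed sample data: user 1 sees everything except graph 7, user 2 sees
# only graph 7, user 3 is the guest account and may see nothing.
SAMPLE_DB = Db(
    users={1: ALLOW_BY_DEFAULT, 2: DENY_BY_DEFAULT, 3: DENY_BY_DEFAULT},
    auth_graph={(1, 7), (2, 7)},
    graphs={5, 7},
)


def demo() -> Dict[str, Tuple[int, str]]:
    """The requests a tester would try against the fixed script."""
    q5 = {"graphid": "5", "rraid": "1"}
    q7 = {"graphid": "7", "rraid": "1"}
    q9 = {"graphid": "9", "rraid": "1"}
    return {
        "anonymous, no guest user": graph_image(SAMPLE_DB, q5, None, None),
        "anonymous, guest user 3": graph_image(SAMPLE_DB, q5, None, 3),
        "user 1 graph 5": graph_image(SAMPLE_DB, q5, 1, 3),
        "user 1 graph 7 (deny exception)": graph_image(SAMPLE_DB, q7, 1, 3),
        "user 2 graph 5": graph_image(SAMPLE_DB, q5, 2, 3),
        "user 2 graph 7 (allow exception)": graph_image(SAMPLE_DB, q7, 2, 3),
        "user 1 missing graph 9": graph_image(SAMPLE_DB, q9, 1, 3),
        "anonymous missing graph 9": graph_image(SAMPLE_DB, q9, None, None),
        "injection attempt": graph_image(SAMPLE_DB, {"graphid": "1 or 1=1"}, 1, 3),
        "auth switched off": graph_image(SAMPLE_DB, q5, None, None, global_auth=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:36} -> {result}")
```

The "anonymous missing graph 9" case is the one to watch when porting a check like this: if the existence test runs first, an unauthenticated caller gets a different answer for ids that exist and ids that do not, which is enough to walk the id space.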
Just some notes on this bug... I think it appeared a few versions ago when I replaced cacti's use of cookies with PHP's sessions. However, after fixing this bug in 0.8, I found that it causes problems under win32.
It seems to affect the ISAPI module for both Apache and IIS, but not PHP in CGI mode. I submitted a bug report, but nothing useful has come from it yet.
Hopefully this won't cause anyone too much hassle when I do release 0.8.
-Ian