Private GIT

Skip to content
Snippets Groups Projects
Unverified Commit 47c10491 authored by Gary Allan's avatar Gary Allan
Browse files

Bugfix: Use HTTPS for ripe/arin queries. 

Prevent reflected XSS in ripe/arin data in low probability scenario
an attacker can proxy and modify Internet RIPE/ARIN requests.
parent 2104e440
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
app/admin/subnets/ripe-query.php
+ 4
2
View file @ 47c10491
...@@ -22,14 +22,14 @@ $res = $Subnets->resolve_ripe_arin ($_POST['subnet']); ...@@ -22,14 +22,14 @@ $res = $Subnets->resolve_ripe_arin ($_POST['subnet']);
?> ?>
<!-- header --> <!-- header -->
<div class="pHeader"><?php print _(ucwords($res['result'])); ?></div> <div class="pHeader"><?php print _(ucwords(escape_input($res['result']))); ?></div>
<!-- content --> <!-- content -->
<div class="pContent"> <div class="pContent">
<?php <?php
// error ? // error ?
if ($res['result']=="error") { if ($res['result']=="error") {
$Result->show("danger", _(ucwords($res['error'])), false); $Result->show("danger", _(ucwords(escape_input($res['error']))), false);
} }
// ok, print field matching // ok, print field matching
else { else {
...@@ -53,6 +53,8 @@ $res = $Subnets->resolve_ripe_arin ($_POST['subnet']); ...@@ -53,6 +53,8 @@ $res = $Subnets->resolve_ripe_arin ($_POST['subnet']);
// loop // loop
if (isset($res['data'])) { if (isset($res['data'])) {
foreach ($res['data'] as $k=>$d) { foreach ($res['data'] as $k=>$d) {
$d = escape_input($d);
print "<tr>"; print "<tr>";
print "<td>"; print "<td>";
print " <span class='text-muted'>$k</span>: $d"; print " <span class='text-muted'>$k</span>: $d";
......
functions/classes/class.Subnets.php
+ 2
2
View file @ 47c10491
...@@ -3524,7 +3524,7 @@ class Subnets extends Common_functions { ...@@ -3524,7 +3524,7 @@ class Subnets extends Common_functions {
* Queries ripe for subnet information * Queries ripe for subnet information
* *
* Example: * Example:
* curl -X GET -H "Accept: application/json" "http://rest.db.ripe.net/ripe/inetnum/185.72.140.0/24" * curl -X GET -H "Accept: application/json" "https://rest.db.ripe.net/ripe/inetnum/185.72.140.0/24"
* *
* @access private * @access private
* @param mixed $subnet * @param mixed $subnet
...@@ -3620,7 +3620,7 @@ class Subnets extends Common_functions { ...@@ -3620,7 +3620,7 @@ class Subnets extends Common_functions {
*/ */
private function ripe_arin_fetch ($network, $type, $subnet) { private function ripe_arin_fetch ($network, $type, $subnet) {
// set url // set url
$url = $network=="ripe" ? "http://rest.db.ripe.net/ripe/$type/$subnet" : "http://whois.arin.net/rest/nets;q=$subnet?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2"; $url = $network=="ripe" ? "https://rest.db.ripe.net/ripe/$type/$subnet" : "https://whois.arin.net/rest/nets;q=$subnet?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2";
$result = $this->curl_fetch_url($url, ["Accept: application/json"]); $result = $this->curl_fetch_url($url, ["Accept: application/json"]);
......
misc/CHANGELOG
+ 1
0
View file @ 47c10491
...@@ -91,6 +91,7 @@ ...@@ -91,6 +91,7 @@
+ XSS while uploading CVS files; + XSS while uploading CVS files;
+ XSS (reflected) in 'find subnets'; + XSS (reflected) in 'find subnets';
+ Incorrect privilege assignments (#3506); + Incorrect privilege assignments (#3506);
+ XXS (reflected) in ripe-arin-query;
Translations: Translations:
---------------------------- ----------------------------
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Another place to be (or not)