Fixing XSS Vulnerabilities
This pull request fixes XSS vulnerabilities identified in the gophish admin panel. **Important: These vulnerabilities could only be exploited if someone already had access to the admin panel, and could only be exploited against that same account.**pull/382/head
parent
b7a2af338b
commit
bfb7fd11e8
|
@ -21,6 +21,8 @@ func init() {
|
||||||
gob.Register(&models.User{})
|
gob.Register(&models.User{})
|
||||||
gob.Register(&models.Flash{})
|
gob.Register(&models.Flash{})
|
||||||
Store.Options.HttpOnly = true
|
Store.Options.HttpOnly = true
|
||||||
|
// This sets the maxAge to 5 days for all cookies
|
||||||
|
Store.MaxAge(86400 * 5)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Store contains the session information for the request
|
// Store contains the session information for the request
|
||||||
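Review bot: `Store.MaxAge(86400 * 5)` makes the admin session cookie persistent for five days instead of expiring with the browser session, and the comment above it only restates the number. The trade-off should be recorded next to it, e.g. `// Persist the admin session cookie for 5 days; a stolen cookie stays usable for that window unless the session is invalidated server-side.` Whether logout actually invalidates the session on the server is not visible in this hunk, so that should be confirmed before the long lifetime is relied on. The enclosing `init()` starts outside the hunk.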
|
|
|
@ -33,6 +33,7 @@ import (
|
||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/NYTimes/gziphandler"
|
"github.com/NYTimes/gziphandler"
|
||||||
|
"github.com/gophish/gophish/auth"
|
||||||
"github.com/gophish/gophish/config"
|
"github.com/gophish/gophish/config"
|
||||||
"github.com/gophish/gophish/controllers"
|
"github.com/gophish/gophish/controllers"
|
||||||
"github.com/gophish/gophish/models"
|
"github.com/gophish/gophish/models"
|
||||||
|
@ -53,6 +54,7 @@ func main() {
|
||||||
go func() {
|
go func() {
|
||||||
defer wg.Done()
|
defer wg.Done()
|
||||||
adminHandler := gziphandler.GzipHandler(controllers.CreateAdminRouter())
|
adminHandler := gziphandler.GzipHandler(controllers.CreateAdminRouter())
|
||||||
|
auth.Store.Options.Secure = config.Conf.AdminConf.UseTLS
|
||||||
if config.Conf.AdminConf.UseTLS { // use TLS for Admin web server if available
|
if config.Conf.AdminConf.UseTLS { // use TLS for Admin web server if available
|
||||||
Logger.Printf("Starting admin server at https://%s\n", config.Conf.AdminConf.ListenURL)
|
Logger.Printf("Starting admin server at https://%s\n", config.Conf.AdminConf.ListenURL)
|
||||||
Logger.Fatal(http.ListenAndServeTLS(config.Conf.AdminConf.ListenURL, config.Conf.AdminConf.CertPath, config.Conf.AdminConf.KeyPath,
|
Logger.Fatal(http.ListenAndServeTLS(config.Conf.AdminConf.ListenURL, config.Conf.AdminConf.CertPath, config.Conf.AdminConf.KeyPath,
|
||||||
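Review bot: `auth.Store.Options.Secure = config.Conf.AdminConf.UseTLS` is assigned inside the admin-server goroutine, so it runs concurrently with the other goroutines `main` starts; if any of them read `auth.Store` (not visible here) that is a data race, and since the assignment does not depend on anything in the goroutine it can simply be moved into `main` before the `go func()`. It also deserves a comment, because the flag tracks the listener's own TLS setting rather than how the deployment is actually reached: `// Mark the session cookie Secure only when the admin listener itself speaks TLS; with UseTLS=false (e.g. behind a TLS-terminating proxy) the cookie is sent without the Secure flag.` The enclosing `main` starts and ends outside the hunk.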
|
|
|
@ -29,7 +29,7 @@ function launch() {
|
||||||
groups = []
|
groups = []
|
||||||
$.each($("#groupTable").DataTable().rows().data(), function(i, group) {
|
$.each($("#groupTable").DataTable().rows().data(), function(i, group) {
|
||||||
groups.push({
|
groups.push({
|
||||||
name: group[0]
|
name: unescapeHtml(group[0])
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
campaign = {
|
campaign = {
|
||||||
|
@ -311,13 +311,13 @@ $(document).ready(function() {
|
||||||
$.each(campaigns, function(i, campaign) {
|
$.each(campaigns, function(i, campaign) {
|
||||||
label = labels[campaign.status] || "label-default";
|
label = labels[campaign.status] || "label-default";
|
||||||
campaignTable.row.add([
|
campaignTable.row.add([
|
||||||
campaign.name,
|
escapeHtml(campaign.name),
|
||||||
moment(campaign.created_date).format('MMMM Do YYYY, h:mm:ss a'),
|
moment(campaign.created_date).format('MMMM Do YYYY, h:mm:ss a'),
|
||||||
"<span class=\"label " + label + "\">" + campaign.status + "</span>",
|
"<span class=\"label " + label + "\">" + campaign.status + "</span>",
|
||||||
"<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "' data-toggle='tooltip' data-placement='left' title='View Results'>\
|
"<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "' data-toggle='tooltip' data-placement='left' title='View Results'>\
|
||||||
<i class='fa fa-bar-chart'></i>\
|
<i class='fa fa-bar-chart'></i>\
|
||||||
</a>\
|
</a>\
|
||||||
<span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Copy Campaign' onclick='copy(" + i + ")'>\
|
<span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Copy Campaign' onclick='copy(" + i + ")'>\
|
||||||
<i class='fa fa-copy'></i>\
|
<i class='fa fa-copy'></i>\
|
||||||
</button></span>\
|
</button></span>\
|
||||||
<button class='btn btn-danger' onclick='deleteCampaign(" + i + ")' data-toggle='tooltip' data-placement='left' title='Delete Campaign'>\
|
<button class='btn btn-danger' onclick='deleteCampaign(" + i + ")' data-toggle='tooltip' data-placement='left' title='Delete Campaign'>\
|
||||||
|
@ -337,7 +337,7 @@ $(document).ready(function() {
|
||||||
$("#groupForm").submit(function() {
|
$("#groupForm").submit(function() {
|
||||||
// Add row to group table.
|
// Add row to group table.
|
||||||
var newRow = groupTable.row.add([
|
var newRow = groupTable.row.add([
|
||||||
$("#groupSelect").val(),
|
escapeHtml($("#groupSelect").val()),
|
||||||
'<span style="cursor:pointer;"><i class="fa fa-trash-o"></i></span>'
|
'<span style="cursor:pointer;"><i class="fa fa-trash-o"></i></span>'
|
||||||
]).draw().node();
|
]).draw().node();
|
||||||
|
|
||||||
|
@ -379,7 +379,7 @@ $(document).ready(function() {
|
||||||
return '<div class="tt-suggestion">No groups matched that query</div>'
|
return '<div class="tt-suggestion">No groups matched that query</div>'
|
||||||
},
|
},
|
||||||
suggestion: function(data) {
|
suggestion: function(data) {
|
||||||
return '<div>' + data.name + '</div>'
|
return '<div>' + escapeHtml(data.name) + '</div>'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -412,7 +412,7 @@ $(document).ready(function() {
|
||||||
return '<div class="tt-suggestion">No templates matched that query</div>'
|
return '<div class="tt-suggestion">No templates matched that query</div>'
|
||||||
},
|
},
|
||||||
suggestion: function(data) {
|
suggestion: function(data) {
|
||||||
return '<div>' + data.name + '</div>'
|
return '<div>' + escapeHtml(data.name) + '</div>'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -443,7 +443,7 @@ $(document).ready(function() {
|
||||||
return '<div class="tt-suggestion">No pages matched that query</div>'
|
return '<div class="tt-suggestion">No pages matched that query</div>'
|
||||||
},
|
},
|
||||||
suggestion: function(data) {
|
suggestion: function(data) {
|
||||||
return '<div>' + data.name + '</div>'
|
return '<div>' + escapeHtml(data.name) + '</div>'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -474,7 +474,7 @@ $(document).ready(function() {
|
||||||
return '<div class="tt-suggestion">No profiles matched that query</div>'
|
return '<div class="tt-suggestion">No profiles matched that query</div>'
|
||||||
},
|
},
|
||||||
suggestion: function(data) {
|
suggestion: function(data) {
|
||||||
return '<div>' + data.name + '</div>'
|
return '<div>' + escapeHtml(data.name) + '</div>'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
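Review bot: The campaign row that now uses `escapeHtml(campaign.name)` still concatenates `campaign.status` and `label` into raw HTML on the line `"<span class=\"label " + label + "\">" + campaign.status + "</span>"`, the same shape appears in the dashboard hunk, and `profile.interface_type` in the sending-profiles hunk is likewise inserted unescaped. If those are fixed server-side values that is acceptable, but nothing on this page shows it, so either wrap them in `escapeHtml(...)` as well or add a comment such as `// status/label/interface_type are fixed server-side values, not user input` so the next field added to these rows is not silently left raw. The `unescapeHtml(group[0])` readback in the `launch()` hunk is only correct because every cell in the group table is written through `escapeHtml` (as the `#groupForm` hunk does); keeping the raw group name separately from the rendered cell would avoid that escape/unescape round-trip. The enclosing `$(document).ready` callback starts and ends outside these hunks.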
|
|
|
@ -61,7 +61,7 @@ $(document).ready(function() {
|
||||||
var label = labels[campaign.status] || "label-default";
|
var label = labels[campaign.status] || "label-default";
|
||||||
// Add it to the table
|
// Add it to the table
|
||||||
campaignTable.row.add([
|
campaignTable.row.add([
|
||||||
campaign.name,
|
escapeHtml(campaign.name),
|
||||||
campaign_date,
|
campaign_date,
|
||||||
"<span class=\"label " + label + "\">" + campaign.status + "</span>",
|
"<span class=\"label " + label + "\">" + campaign.status + "</span>",
|
||||||
"<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "' data-toggle='tooltip' data-placement='right' title='View Results'>\
|
"<div class='pull-right'><a class='btn btn-primary' href='/campaigns/" + campaign.id + "' data-toggle='tooltip' data-placement='right' title='View Results'>\
|
||||||
|
|
|
@ -131,7 +131,7 @@ function load() {
|
||||||
pagesTable.clear()
|
pagesTable.clear()
|
||||||
$.each(pages, function(i, page) {
|
$.each(pages, function(i, page) {
|
||||||
pagesTable.row.add([
|
pagesTable.row.add([
|
||||||
page.name,
|
escapeHtml(page.name),
|
||||||
moment(page.modified_date).format('MMMM Do YYYY, h:mm:ss a'),
|
moment(page.modified_date).format('MMMM Do YYYY, h:mm:ss a'),
|
||||||
"<div class='pull-right'><span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Edit Page' onclick='edit(" + i + ")'>\
|
"<div class='pull-right'><span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Edit Page' onclick='edit(" + i + ")'>\
|
||||||
<i class='fa fa-pencil'></i>\
|
<i class='fa fa-pencil'></i>\
|
||||||
|
|
|
@ -142,7 +142,7 @@ function load() {
|
||||||
profileTable.clear()
|
profileTable.clear()
|
||||||
$.each(profiles, function(i, profile) {
|
$.each(profiles, function(i, profile) {
|
||||||
profileTable.row.add([
|
profileTable.row.add([
|
||||||
profile.name,
|
escapeHtml(profile.name),
|
||||||
profile.interface_type,
|
profile.interface_type,
|
||||||
moment(profile.modified_date).format('MMMM Do YYYY, h:mm:ss a'),
|
moment(profile.modified_date).format('MMMM Do YYYY, h:mm:ss a'),
|
||||||
"<div class='pull-right'><span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Edit Profile' onclick='edit(" + i + ")'>\
|
"<div class='pull-right'><span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Edit Profile' onclick='edit(" + i + ")'>\
|
||||||
|
|