From f367d5b38845e73b6e4963374c021e565283208d Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 4 Apr 2016 14:22:56 +0100
Subject: [PATCH] ipinfo.cgi: Remove XSS vulnerability
References: #11087
Reported-by: Yann Cam
Signed-off-by: Michael Tremer
---
html/cgi-bin/ipinfo.cgi | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/html/cgi-bin/ipinfo.cgi b/html/cgi-bin/ipinfo.cgi
index 71098a2529..8cefe6e853 100644
--- a/html/cgi-bin/ipinfo.cgi
+++ b/html/cgi-bin/ipinfo.cgi
@@ -19,6 +19,7 @@
# #
###############################################################################
+use CGI;
use IO::Socket;
use strict;
@@ -34,18 +35,14 @@ my %cgiparams=();
&Header::showhttpheaders();
-&Header::getcgihash(\%cgiparams);
-
-$ENV{'QUERY_STRING'} =~s/&//g;
-my @addrs = split(/ip=/,$ENV{'QUERY_STRING'});
-
&Header::openpage($Lang::tr{'ip info'}, 1, '');
-
&Header::openbigbox('100%', 'left');
my @lines=();
my $extraquery='';
-foreach my $addr (@addrs) {
-next if $addr eq "";
+
+my $addr = CGI::param("ip") || "";
+
+if (&General::validip($addr)) {
$extraquery='';
@lines=();
my $whoisname = "whois.arin.net";
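Review bot: `my $addr = CGI::param("ip") || "";` folds a literal `0` to the empty string before it reaches validip(); `my $addr = CGI::param("ip") // "";` keeps an absent parameter and a present one apart without changing anything else. The whole fix rests on `&General::validip($addr)` admitting nothing but a bare address, since the accepted value is presumably fed to the whois lookup set up on the following lines and later printed; that helper lives outside this file, so confirm its pattern is anchored with `\A`/`\z` rather than `^`/`$`, which lets a trailing newline through. CGI::param in scalar context returns only the first value, so a request carrying several `ip=` parameters is now answered for one address where the removed foreach handled all of them; a comment such as `# Only the first ip= value is used, and only after it passes validip().` would keep the next maintainer from quietly reinstating the loop. The if-block opened here closes in a later hunk.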
@@ -91,6 +88,14 @@ next if $addr eq "";
}
print "\n";
&Header::closebox();
+} else {
+ &Header::openbox('100%', 'left', $Lang::tr{'invalid ip'});
+ print <
+ $Lang::tr{'invalid ip'}
+
+EOF
+ &Header::closebox();
}
print <
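Review bot: The else branch prints only `$Lang::tr{'invalid ip'}` and never the rejected `$addr`, which is exactly right, but nothing records that this is deliberate, so the next edit that wants a friendlier message is likely to interpolate the input into the heredoc and reintroduce the bug this commit removes. A comment above `&Header::openbox('100%', 'left', $Lang::tr{'invalid ip'});` such as `# Never echo $addr here: it failed validip() and is untrusted` documents the invariant. An absent or empty `ip` parameter also ends up in this branch, which is acceptable but worth stating in the same comment. The `if` this `else` belongs to opens in the previous hunk, and the heredoc on the last context line (its `<<` operator appears to have been stripped by the rendering) continues past the hunk.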