admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FSN#39950 PENTEST Reflected XSS in sso parameter

Browse Source 
svn path=/Website/branches/v2016.3/; revision=33318
This commit is contained in:
Jos Groot Lipman
2017-03-29 14:45:16 +00:00
parent 36427042bf
commit 220808bd5c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
APPL/Shared/loginTry.asp
View File

@@ -223,7 +223,7 @@ if (user_key < 0 && sso && sso != "0") // "0" is een hardcoded special case
+ " WHERE fac_idp_code = " + safe.quoted_sql(sso); + " WHERE fac_idp_code = " + safe.quoted_sql(sso);
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
if (oRs.Eof) if (oRs.Eof)
shared.internal_error("Identity provider '{0}' is not configured for {1}".format(sso, customerId)); shared.internal_error("Identity provider '{0}' is not configured for {1}".format(safe.html(sso), customerId));
var isFACFACinternal = oRs("fac_idp_internal").Value != 0; var isFACFACinternal = oRs("fac_idp_internal").Value != 0;
var ip_restrict = oRs("fac_idp_ipfilter").Value; var ip_restrict = oRs("fac_idp_ipfilter").Value;