FCLT#54901 Computest Pentest 4.2.4

svn path=/Website/trunk/; revision=39383
2018-10-12 13:57:51 +00:00
parent 6e2f5df2b4
commit b0532d510c
1 changed files with 4 additions and 0 deletions
--- a/APPL/Shared/m_connections.inc
+++ b/APPL/Shared/m_connections.inc
@@ -88,6 +88,10 @@ function SafeExec( sql, catchErrors ) {
        else
            __Log("Foutcode: " + _LastFacError.faccode + " niet gevonden in fac_message");
    }
+    if (RegExp(/^ORA-\d*:\s/).test(_LastFacError.friendlyMsg)) // prevent hacker-usable ORA- information in friendlyMsg
+    {
+      _LastFacError.friendlyMsg = _LastFacError.friendlyMsg.replace(/^ORA-\d*:\s/,"").replace(/\"{1}\w*\.{0,1}\w*\"{1}.{0,1}|\({1}\w*\.{0,1}\w*\){1}.{0,1}/g,"");
+    }
    if (!knownError)
    {
        if (!(__Logging & 1))