Bug on NethServer demo?

Bug
,
1

On diaspora* I was notified of the following:

Ok, since you mentioned it, Nethserver gives a 5xx error when probing for js injections. See the logs of the demo server :slight_smile:

Anyone can check those logfiles and explain what might be the problem?
@giacomo @davidep @alefattorini

2

I don’t get it.
I’ve just opened the dashboard and it’s working.

What is broken?

3

I don’t know if there is anything broken. I understood there seems to be a vulnerability for js injection… I can ask more info on what this person has done to get the error 5xx when attempting to conduct a js injection?
Anything in the logs?

4

nethserver
nethserver.png916×526 75.2 KB

Sorry to barge in but it might be good to see how it is done. The screenshot shows it.

1 Like
5

So… trying to enter an js/SQL injection in the searchfield on the top left introduces a “500 internal server error”
Would this be a risk that needs attention?

6

Thank you for the screenshot, I used it for reproducing the problem :slight_smile:

For sure is not a risk: the demo is NO a NethServer. It’s just mock machine running on docker. Basically it’s only the web interface. You have the same error even if you type something normal on the search filter (like “mail”).

7

I did not state it was a security risk but me and Rob where discussing something else and therefor I tried a js injection.

1 Like
8

Just for the record, I tried to insert the code

‘’;<!–"alert(document.cookie)

in the searchbox of a live NethServer. There was no visual return. I could not find any reference to the faulty input in /var/log/messages nor in /var/log/httpd-admin/error_log or /var/log/httpd-admin/access_log

9

Logs might not log POST commands which we are probably talking about. I assume some ajax code is used to return a lot of entries one might look for just like google does.

Logging POST command can be very useful but also take up a lot of space in the database or logfiles itself.

What is happening here , at the demoserver, is probably a waf that is returning a 5xx instead of a 4xx which should be a proper respons. A 5xx is a real server problem.

10

@robb

If you want a real report of what might be wrong with the product you can either try to get someone with a payed solution to scan the software or use some oss products that might give more details but only in plain text, no fancy manager stuff :wink:

I did work with both products but if you start to use it then be prepared to use it as a continous check that will keep people informed.