[BUG]: Wrong redirect when running behind nginx
Version Information
0.14.2
Hashcat
No response
Description
I have exposed Hashtopolis to the outside network through nginx:
location /newhashtopolis
{
    rewrite /newhashtopolis/(.*) /$1 break;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_pass http://192.168.0.13:8080;
}
In the settings I specified that prefix:
I'm able to login and navigate to Tasks.
But when I try to enable/disable an agent, the redirect is done to /agent.php:
Server: nginx/1.25.4
Date: Mon, 25 Mar 2024 16:17:44 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/8.3.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: session=xxx; expires=Mon, 25 Mar 2024 17:17:44 GMT; Max-Age=3600; HttpOnly
Location: /agents.php
Which results in a 404 error.
No matter what I put into "base path", it always redirects to /agents.php
This function may be the root cause; it performs the redirect without taking the base into account: https://github.com/hashtopolis/server/blob/master/src/inc/Util.class.php#L701
This fixed my issue:
diff --git a/src/inc/Util.class.php b/src/inc/Util.class.php
index e64073a9..66a4fa4e 100755
--- a/src/inc/Util.class.php
+++ b/src/inc/Util.class.php
@@ -701,7 +701,7 @@ class Util {
public static function refresh() {
global $_SERVER;
- $url = $_SERVER['PHP_SELF'];
+ $url = SConfig::getInstance()->getVal(DConfig::BASE_URL) . $_SERVER['PHP_SELF'];
if (strlen($_SERVER['QUERY_STRING']) > 0) {
$url .= "?" . $_SERVER['QUERY_STRING'];
}
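Review bot: the new `$url` assignment joins the configured BASE_URL and `$_SERVER['PHP_SELF']` by plain concatenation, with no normalisation of the slash between them. The Location header in the report shows PHP_SELF already starts with `/`, so a base saved with a trailing slash yields `/newhashtopolis//agents.php`, and a base of just `/` yields `//agents.php`, which a browser resolves as a scheme-relative URL to a different host. Suggest trimming the base before joining, e.g. `rtrim(SConfig::getInstance()->getVal(DConfig::BASE_URL), '/') . $_SERVER['PHP_SELF']`, so that an empty base keeps the old behaviour and a trailing slash cannot change where the redirect lands.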
Found more places where redirect does not honor the base prefix: https://github.com/search?q=repo%3Ahashtopolis%2Fserver%20%26fw%3D&type=code
Thanks for your bug reports and this detailed one!