simple-file-manager
Brute force attack Vulnerability (and fix by adding Re-Captcha V2)
I believe there's a brute force attack vulnerability when we set the password.
One protection is to add Google Re-Captcha (I use V2). Here's how to add it (I also add a submit button at the bottom).
On lines 27-36, from this:
```php
if(!$_SESSION['_sfm_allowed']) {
	// sha1, and random bytes to thwart timing attacks. Not meant as secure hashing.
	$t = bin2hex(openssl_random_pseudo_bytes(10));
	if($_POST['p'] && sha1($t.$_POST['p']) === sha1($t.$PASSWORD)) {
		$_SESSION['_sfm_allowed'] = true;
		header('Location: ?');
	}
	echo '<html><body><form action=? method=post>PASSWORD:<input type=password name=p autofocus/></form></body></html>';
	exit;
}
```
change it into this
```php
if(!$_SESSION['_sfm_allowed']) {
	// Token from the reCAPTCHA widget; empty when the form was not submitted.
	$captcha = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
	$secretKey = "Your Secret Key Here";
	$responseKeys = null;
	if($captcha !== '') {
		// Ask Google to verify the token, only when one was actually posted.
		$url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha);
		$response = file_get_contents($url);
		$responseKeys = json_decode($response,true);
	}
	// sha1, and random bytes to thwart timing attacks. Not meant as secure hashing.
	$t = bin2hex(openssl_random_pseudo_bytes(10));
	if($_POST['p'] && sha1($t.$_POST['p']) === sha1($t.$PASSWORD)) {
		// Log in only when the password matches and reCAPTCHA confirmed the token.
		if(!empty($responseKeys["success"])) {
			$_SESSION['_sfm_allowed'] = true;
			header('Location: ?');
		}
	}
	echo '<html><script src="https://www.google.com/recaptcha/api.js" async defer></script><body><form action=? method=post>PASSWORD:<input type=password name=p autofocus/><div class="g-recaptcha" data-sitekey="Your Site Key Here"></div><input type="submit" value="Submit"></form></body></html>';
	exit;
}
```
Edit: Using code tag to prevent code being cropped
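
The server-side check from the post above, as an added example that is not part of the original post or of simple-file-manager: it sends the token to siteverify by POST and accepts the reply only when it is well-formed, successful, for the expected hostname and recent. The function names, the `files.example.test` hostname, the 120-second age limit and the sample replies are assumptions constructed for illustration.

```php
<?php
// Added example, not simple-file-manager code; function names are hypothetical.

// Send the token to siteverify by POST so the secret key stays out of the URL.
function sfm_fetch_siteverify($secretKey, $token) {
    $ctx = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(array('secret' => $secretKey, 'response' => $token)),
        'timeout' => 5,
    )));
    // Returns false on network failure; the @ only hides the PHP warning.
    return @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
}

// Decide whether a siteverify reply allows the login attempt. Fails closed:
// anything other than a well-formed, fresh, successful reply returns false.
function sfm_captcha_passed($json, $expectedHost, $now, $maxAge = 120) {
    if (!is_string($json) || $json === '') return false;   // request failed
    $r = json_decode($json, true);
    if (!is_array($r) || !isset($r['success']) || $r['success'] !== true) return false;
    // The challenge must have been solved on this site's page.
    if (!isset($r['hostname']) || $r['hostname'] !== $expectedHost) return false;
    // Reject challenges that are too old or dated in the future.
    $ts = isset($r['challenge_ts']) ? strtotime($r['challenge_ts']) : false;
    if ($ts === false || $now - $ts > $maxAge || $ts - $now > 60) return false;
    return true;
}

// Constructed sample replies (not captured from Google), evaluated offline.
// In the login block this would be:
//   sfm_captcha_passed(sfm_fetch_siteverify($secretKey, $captcha), 'files.example.test', time())
$now = strtotime('2024-01-01T12:00:30Z');
$samples = array(
    'ok'         => '{"success":true,"challenge_ts":"2024-01-01T12:00:00Z","hostname":"files.example.test"}',
    'wrong host' => '{"success":true,"challenge_ts":"2024-01-01T12:00:00Z","hostname":"other.example.test"}',
    'stale'      => '{"success":true,"challenge_ts":"2024-01-01T11:50:00Z","hostname":"files.example.test"}',
    'rejected'   => '{"success":false,"error-codes":["invalid-input-response"]}',
    'no reply'   => false,
);
foreach ($samples as $name => $json) {
    $verdict = sfm_captcha_passed($json, 'files.example.test', $now) ? 'allow' : 'deny';
    echo $name, ': ', $verdict, "\n";
}
```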