vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-30 16:09:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
6080 commits 26 branches 19 tags 446 MiB
Commit graph

23 commits

Author SHA1 Message Date
Simone Mainardi
b41eeffba7 [Security] Fixes possible stored XSS in runtime.lua 
XSS attempts were output to the ntopng logs for example as:

14/Mar/2019 12:53:07 [LuaEngine.cpp:9164] WARNING: Script failure [/home/simone/ntopng/scripts/lua/about.lua][/home/simone/ntopng/scripts/lua/modules/http_lint.lua:1555: [LINT] _POST["ntopng_license"] = "'><script>alert(2)</script>" parameter error: Validation error]

When page runtime.lua was reading logs to show them, the JS was interpreted and scripts were executed.

Fixes

XSS3 | Stored

URL
http://192.168.2.200:3000/lua/runtime.lua

METHOD
Get
 2019-03-14 13:01:13 +01:00
emanuele-f
8977ac81f6 Add ntopng process memory chart 2019-03-05 13:59:38 +01:00
Simone Mainardi
e4b5fd7a3a Breaks about page into system and ntopng 2019-01-04 14:57:53 +01:00
Simone Mainardi
931f2c59c7 Changes n2disk-ntopng files to prevent overwrites 2019-01-04 11:35:56 +01:00
Simone Mainardi
b738e73ea5 Fixes missing storage utilization on Windows 2018-12-20 17:24:15 +01:00
emanuele-f
96ce6c0cf5 Improve stackedProgressBars 2018-12-13 17:26:55 +01:00
Alfredo Cardigliano
6015642754 Added links in the storage breakdown chart 2018-12-12 23:15:29 +01:00
Alfredo Cardigliano
cc8e951933 Setting width to force the stackedProgressBars components to render always with the same size 2018-12-12 18:03:44 +01:00
Alfredo Cardigliano
a3d370ea7e Global storage utilization in Runtime Status 2018-12-12 16:23:34 +01:00
Alfredo Cardigliano
308f6cd804 Page titles 2018-11-29 12:37:01 +01:00
emanuele-f
129e824eea Add InfluxDB information in runtime status and about page 
Closes #2010
 2018-09-12 18:05:20 +02:00
Luca Deri
adf868bf0b Fixed empty pid on windows 2018-04-16 00:37:34 +02:00
Luca Deri
00004494bf Reworked alarms 
Added informative message at ntopng startup/shutdown
 2018-04-13 17:19:58 +02:00
Luca Deri
f0c936c368 Updated (C) to 2018 2018-03-22 21:59:42 +01:00
Luca
c89fda21b5 FIxed ntopng versions inconsistency 2017-06-15 22:23:10 -04:00
Simone Mainardi
d3ef896564 Conditionally hides CPU/ram when not available 2017-05-15 12:23:59 +02:00
Simone Mainardi
5962cd6293 Moves CPU and RAM info to runtime status 2017-05-15 12:14:57 +02:00
emanuele-f
1c38df48c9 Unify character encoding header code 2017-05-04 17:12:06 +02:00
emanuele-f
076bb05450 Localize about and runtime pages 2017-04-03 11:18:03 +02:00
Emanuele Faranda
afdfac1c9c Lua scripts parameters validation (#970) 
* partial work

* Migrate 'mode' parameters

* Migrate alerts types

* Fix some interface ids

* Partial work

* Partial work

* End of work for _GET parameters

* Work in progress

* Add support for special parameters

* Preferences validation

* Fixes and improvements

* Enforce interger validation
 2017-02-08 12:25:35 +01:00
emanuele-f
05d4956fbd Adds missing quotes to href attributes 2017-02-02 15:52:09 +01:00
Luca
30e1a75f98 (C) update 2017-01-10 15:03:16 -08:00
Luca Deri
306d4c1aaf Added runtime status to ease debugging and support. The new entry has been added to the home menu (below about) 2016-06-02 11:37:47 +02:00