DaloRadius CSRF / XSS / SQL Injectionl

RADIUS web management application

Brought to you by: lirantal

#53 DaloRadius CSRF / XSS / SQL Injectionl

Milestone: all

Status: open

Owner: nobody

Labels: sqli (1) vulnerabile (1) xss (1)

Priority: 1

Updated: 2013-11-02

Created: 2013-03-30

Creator: Anonymous

Private: No

Dali radius is suffering from CSRF / XSS / SQL Injectionl.
The bug is due to not sanitizing the GET POST fields Correctly..

For full detials
http://security-geeks.blogspot.com/2013/03/daloradius-csrf-xss-sql-injection.html

Discussion

Liran Tal - 2013-04-09

Indeed, it's a known issue and I've emailed on this previously on the community mailing list to inform users to only allow access to daloRADIUS web interface to trusted peers and take all measures to lock it down.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous - 2013-11-02

Are you going to fix this?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous