From 2c842ed36359d3ff89fa138709bcca368845649a Mon Sep 17 00:00:00 2001
From: Kris Anderson
Date: Sun, 14 Jul 2019 03:04:14 +0100
Subject: [PATCH] Bug fixes - Create user bug fix, allowed any user to create a new user (inc admin accounts) - Removing debug code from web app
---
 FudgeC2/ServerApp/ImplantManager.py | 8 --------
 FudgeC2/ServerApp/modules/UserManagement.py | 2 +-
 2 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/FudgeC2/ServerApp/ImplantManager.py b/FudgeC2/ServerApp/ImplantManager.py
index 16bb235..e5dc793 100644
--- a/FudgeC2/ServerApp/ImplantManager.py
+++ b/FudgeC2/ServerApp/ImplantManager.py
@@ -77,14 +77,6 @@ def page_not_found(e):
 # ------------------------------ #
 @app.route("/auth/login", methods=['GET', 'POST'])
 def login():
- #!!
- dbg = False
- if dbg == True:
- UserObject = UsrMgmt.user_login("admin", "letmein")
- login_user(UserObject)
- return redirect(url_for("BaseHomePage"))
-
-
 if request.method == "POST":
 if 'email' in request.form and 'password' in request.form and request.form['email'] != None and request.form['password'] != None:
 UserObject = UsrMgmt.user_login(request.form['email'],request.form['password'])
diff --git a/FudgeC2/ServerApp/modules/UserManagement.py b/FudgeC2/ServerApp/modules/UserManagement.py
index fee35d6..ca0f9a4 100644
--- a/FudgeC2/ServerApp/modules/UserManagement.py
+++ b/FudgeC2/ServerApp/modules/UserManagement.py
@@ -18,7 +18,7 @@ def add_new_user(self, formdata=None, submitting_user=None):
 Result_Dict['reason'] = "Username too short"
 return Result_Dict
 U = self.db.user.Get_UserObject(submitting_user)
- if U.admin:
+ if U.admin == 1:
 G = self.db.user.Get_UserObject(formdata['UserName'])
 admin = False
 if 'is_admin' in formdata:
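Review bot: The guard `if U.admin == 1:` in add_new_user is only correct for one stored representation of the flag, and `U` is dereferenced without checking that the lookup of `submitting_user` succeeded. That the old truthiness test let ordinary users through suggests `admin` can hold a truthy non-admin value (for example a non-empty string); if so, an admin stored as `'1'` is now refused, and if `Get_UserObject` returns nothing for an unknown name the call presumably raises instead of denying — neither is visible in this hunk. I would normalise the flag to a bool where the user object is built and make the gate explicit and deny-by-default, e.g. `if U is not None and U.admin == 1:` preceded by `# Authorisation gate: only admins may create accounts; anything else is refused`. It is also worth confirming that callers pass the authenticated session's identity as `submitting_user` rather than a form field, and adding a regression test that a non-admin cannot create a user. The function body starts and ends outside the hunk, so the deny path could not be checked here.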