- Type: Bug
- Status: Open
- Priority: High
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels: None
- Environment: Pre Production
- Bug Type: Functional
- Bug Severity: Medium
- Level: Admin, Employee, Partner
- Module: BenAdmin - Security
- Reported by: Harbinger
- Company: All Clients/Multiple Clients
- Item State: Development - On Hold
- Mobile Platform: Web Service
Environment: Pre-production
Steps to Repro:
1. Launch pre-prod using the link "https://preprod.workterra.net/Platform/Login/Login/"
2. Try tampering with this link by appending different combinations of numbers, special chars and words, then hit Enter.
3. Verify that all combinations are handled and no stack trace is displayed on the login page.
Actual Result: The stack trace along with the server error "Server Error in '/Platform' Application." is displayed on screen.
Expected Result: After the link tampering, the user should be redirected again to the actual application link "https://preprod.workterra.net/Platform/Login/Login/".
Combinations used for link tampering:
https://preprod.workterra.net/Platform/Login/Login/select * from employee
https://preprod.workterra.net/Platform/Login/Login/select
https://preprod.workterra.net/Platform/Login/Login/-1
https://preprod.workterra.net/Platform/Login/Login/**
https://preprod.workterra.net/Platform/Login/Login/1=1
https://preprod.workterra.net/Platform/Login/Login/!!
https://preprod.workterra.net/Platform/Login/Login/update
There can be many combinations like this.
Note: This has been verified on the production link "https://www.workterra.net/Platform/Login/Login/" and no stack trace was displayed.
CC: Prasad Pise Samir Rakesh Roy Vijayendra Shinde Bharti Satpute
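
A regression check for step 3, added here as an example and not part of the original ticket: it classifies a response to a tampered login URL as the reported failure, the expected redirect, or something to review. Apart from the error title quoted in the ticket, the marker strings are assumed to be the headings of the default ASP.NET detailed error page, and the sample responses are constructed.

```python
import re
from urllib.parse import urljoin

LOGIN_URL = "https://preprod.workterra.net/Platform/Login/Login/"  # from the ticket

# Headings of the default ASP.NET detailed error page (assumed signature set;
# only the "Server Error in ..." title is quoted in the ticket).
LEAK_MARKERS = {
    "error title": re.compile(r"Server Error in '/[^']*' Application\."),
    "stack trace": re.compile(r"Stack Trace:"),
    "exception details": re.compile(r"Exception Details:"),
    "framework version": re.compile(r"Version Information:"),
}

def classify(status, headers, body):
    """Return (verdict, leaked_markers) for one response to a tampered login URL."""
    leaked = [name for name, rx in LEAK_MARKERS.items() if rx.search(body)]
    if leaked:
        return "FAIL", leaked          # actual result described in the ticket
    # Header names are case-insensitive; Location may be relative.
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status in (301, 302, 303, 307, 308) and location \
            and urljoin(LOGIN_URL, location) == LOGIN_URL:
        return "PASS", []              # expected result: back to the login link
    return "REVIEW", []                # no leak, but not the expected redirect

# Constructed responses for three of the ticket's suffixes (not captured traffic).
SAMPLES = {
    "-1": (500, {}, "<h1>Server Error in '/Platform' Application.</h1>"
                    "<b>Stack Trace:</b><pre>[constructed frames]</pre>"),
    "select": (302, {"location": "/Platform/Login/Login/"}, ""),
    "!!": (404, {}, "<h1>Page not found</h1>"),
}

def run_samples():
    return {suffix: classify(*resp) for suffix, resp in SAMPLES.items()}

if __name__ == "__main__":
    for suffix, (verdict, leaked) in run_samples().items():
        print(f"{LOGIN_URL}{suffix}: {verdict} {leaked}")
```
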