Project Simple

ST-256: SQL Injection : Block use of OR condition as input with quote

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Critical
    • Resolution: Unresolved
    • Component/s: None
    • Labels: None
    • Module: BenAdmin - Security
    • Reported by: Harbinger
    • Item State: Development - Ready for Local Testing
    • Issue Importance: Must Have

      Description

      When we add input on the notes category like asdf' or '1'='1 , the category is getting added successfully.

      We should block the use of OR with '. It should show the SQL injection character message.


          Activity

          Vijayendra Shinde (Inactive) added a comment:

          Duplicate of WT-3873: Verify OR logical condition with single quote for SQL Injection

          Vijayendra Shinde (Inactive) added a comment:

          Affected files:
          1. trunk\WORKTERRAweb\Web\SharedFunctionWebTier\SharedFunctionWebTier\Modules\CustomModelBinder.cs

          2. trunk\WORKTERRAweb\Web\Web Projects\Web.config

          We have added a new tag in config which will decide if we need to validate the OR condition or not. This tag is added to give flexibility for the use of OR in input.

          <add key="ValidateOROperatorForSQLInjection" value="true" />

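The following is an added example, not code from the WORKTERRA CustomModelBinder.cs or from the commenter. It reproduces the kind of config-gated "OR after a quote" check described in the comment beside the two ways a notes category INSERT can be written, so that the sample input from the description can be run through all three. The regex, the module-level flag standing in for the ValidateOROperatorForSQLInjection key, the notes_category table and the use of SQLite are all assumptions made for this example; the real binder logic and database are not shown on the page. The extra inputs go beyond the ticket to show why a keyword blacklist is only a partial control: a parameterised statement stores every input, including the one from the description, as a literal string, while the concatenated statement is altered by inputs the OR filter never sees.

```python
"""Added example: OR-with-quote blacklist beside concatenated and parameterised INSERTs."""
import re
import sqlite3

# Stand-in for the Web.config key ValidateOROperatorForSQLInjection (assumed semantics).
VALIDATE_OR_OPERATOR_FOR_SQL_INJECTION = True

# Assumed filter: a single quote, optional whitespace, then the word OR in any case,
# which matches the input from the issue, "asdf' or '1'='1".
_OR_AFTER_QUOTE = re.compile(r"'\s*or\b", re.IGNORECASE)


def has_or_with_quote(value: str) -> bool:
    """True when the binder would reject the input with the SQL injection character message."""
    if not VALIDATE_OR_OPERATOR_FOR_SQL_INJECTION:
        return False
    return _OR_AFTER_QUOTE.search(value) is not None


def fresh_db() -> sqlite3.Connection:
    """In-memory table standing in for the notes category table (constructed for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes_category (id INTEGER PRIMARY KEY, name)")
    return conn


def _last_name(conn: sqlite3.Connection):
    return conn.execute("SELECT name FROM notes_category ORDER BY id DESC LIMIT 1").fetchone()[0]


def add_category_concat(conn: sqlite3.Connection, name: str):
    """String-concatenated INSERT: the query shape the blacklist is trying to protect.

    Returns whatever the database actually stored, or an error string when the
    input broke the statement's syntax.
    """
    try:
        conn.execute(f"INSERT INTO notes_category (name) VALUES ('{name}')")
    except sqlite3.Error as exc:
        return f"ERROR: {exc}"
    return _last_name(conn)


def add_category_param(conn: sqlite3.Connection, name: str):
    """Parameterised INSERT: the input is bound as data and cannot change the statement."""
    conn.execute("INSERT INTO notes_category (name) VALUES (?)", (name,))
    return _last_name(conn)


def demo() -> dict:
    """Run constructed inputs through the filter and through both INSERT styles."""
    inputs = [
        "asdf' or '1'='1",         # the input from the issue description
        "x'/**/or/**/'1'='1",      # SQL comment instead of whitespace: passes the filter
        "x' || '1'='1",            # no OR keyword at all: passes the filter
        "Bob's or Alice's notes",  # legitimate text containing an apostrophe
    ]
    results = {}
    for value in inputs:
        results[value] = {
            "blocked": has_or_with_quote(value),
            "concat_stored": add_category_concat(fresh_db(), value),
            "param_stored": add_category_param(fresh_db(), value),
        }
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(f"{value!r}: {outcome}")
```

With the concatenated statement, the issue's input is evaluated as the expression 'asdf' OR '1'='1' and the stored category name becomes the integer 1, which is the behaviour the ticket is reacting to. The comment-separated and || variants alter the statement just as much but contain nothing the OR check looks for, and the legitimate apostrophe input is rejected by the database rather than by the filter. The parameterised INSERT stores all four inputs verbatim, so the config key becomes a usability choice rather than the control the query relies on.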

            People

            Assignee: Unassigned
            Reporter: Vijayendra Shinde (Inactive)
            Developer: Vijayendra Shinde (Inactive)
            Votes: 0
            Watchers: 1
