- Type: Bug
- Status: Rejected
- Priority: Medium
- Resolution: Cancelled
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels: None
- Environment: Stage
- Bug Type: Functional
- Bug Severity: Medium
- Level: Employee
- Module: Platform - Security
- Reported by: Harbinger
- Item State: Development - On Hold
[Security] [ZAP-Active Scan Alert] Format String Error reported for LanguageName parameter.
Description
A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.
URL: https://stage.workterra.net/Platform/
Method: POST
Parameter: LanguageName
Attack: ZAP%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s%n%s
Solution:
Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.
Other information:
Potential Format String Error. The script closed the connection on a /%s
Please refer to the attached HTML report for more details.
CC: Rakesh Roy, Sachin Hingole, Hrishikesh Deshpande, Samir, Vijayendra Shinde, Vijay Siddha, Bharti Satpute, Gaurav Sodani, Nidhi Kaul
- relates to NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
- To Do