- Type: Bug
- Status: Rejected
- Priority: Medium
- Resolution: Cannot Reproduce
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels: None
- Environment: Production
- Bug Type: Functional
- Bug Severity: Medium
- Level: Employee
- Module: BenAdmin
- Reported by: Harbinger
- Company: All Clients/Multiple Clients
- Item State: Development - In Analysis
Description : Remote OS Command Injection
Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.
URL : https://www.workterra.net/Platform/UserDetails/UserDetails?query=query%3Bsleep+15%3B
Method : GET
Parameter : query
Attack : query;sleep 15;
Please refer to the attached report for more details.
CC: Samir, Rakesh Roy, Hrishikesh Deshpande, Sachin Hingole, Bharti Satpute, Gaurav Sodani, Nidhi Kaul, anirudha joshi
- relates to
- NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.
- To Do