[WT-12172] [Security] [ZAP-Active Scan Alert] Remote OS Command Injection - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: Rejected
Priority: Medium
Resolution: Cannot Reproduce
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Environment:

Production
Bug Type:
Functional
Bug Severity:
Medium
Level:

Employee
Module:
BenAdmin
Reported by:
Harbinger
Company:
All Clients/Multiple Clients
Item State:
Development - In Analysis

Description

Description : Remote OS Command Injection

Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.

URL
https://www.workterra.net/Platform/UserDetails/UserDetails?query=query%3Bsleep+15%3B
Method : GET
Parameter : query
Attack : query;sleep 15;

Please refer attached report for more details.

CC Samir Rakesh Roy Hrishikesh Deshpande Sachin Hingole Bharti Satpute Gaurav Sodani Nidhi Kaul anirudha joshi

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

EmployeeFlow_ZAP.html
98 kB
16/Nov/17 01:29 PM

Issue Links

relates to

NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

To Do

Activity

People

Assignee:: Prasad Pise (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Nov/17 01:29 PM

Updated:: 15/Dec/20 02:40 AM

Resolved:: 11/Dec/17 11:42 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: