  1. WORKTERRA
  2. WT-12172

[Security] [ZAP-Active Scan Alert] Remote OS Command Injection

    Details

    • Type: Bug
    • Status: Rejected
    • Priority: Medium
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Production
    • Bug Type:
      Functional
    • Bug Severity:
      Medium
    • Level:
      Employee
    • Module:
      BenAdmin
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients
    • Item State:
      Development - In Analysis

      Description

      Description : Remote OS Command Injection

      Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.

      URL
      https://www.workterra.net/Platform/UserDetails/UserDetails?query=query%3Bsleep+15%3B
      Method : GET
      Parameter : query
      Attack : query;sleep 15;

      Please refer to the attached report for more details.

      CC: Samir, Rakesh Roy, Hrishikesh Deshpande, Sachin Hingole, Bharti Satpute, Gaurav Sodani, Nidhi Kaul, anirudha joshi

              People

              Assignee:
              prasadp Prasad Pise (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Votes:
              0
              Watchers:
              2

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  7h
                  Logged:
                  1h