
[Security] [ZAP-Active Scan Alert] Remote OS Command Injection

    Details

    • Type: Bug
    • Status: Rejected
    • Priority: Medium
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Environment: Production
    • Bug Type: Functional
    • Bug Severity: Medium
    • Level: Employee
    • Module: BenAdmin
    • Reported by: Harbinger
    • Company: All Clients/Multiple Clients
    • Item State: Development - In Analysis

      Description

      Description: Remote OS Command Injection

      This attack technique is used for unauthorized execution of operating system commands. It becomes possible when an application accepts untrusted input and uses it to build operating system commands in an insecure manner, through improper data sanitization and/or improper invocation of external programs.

      URL: https://www.workterra.net/Platform/UserDetails/UserDetails?query=query%3Bsleep+15%3B
      Method: GET
      Parameter: query
      Attack: query;sleep 15;

      Please refer to the attached report for more details.

      CC: Samir, Rakesh Roy, Hrishikesh Deshpande, Sachin Hingole, Bharti Satpute, Gaurav Sodani, Nidhi Kaul, anirudha joshi

            Activity

            prasadp Prasad Pise (Inactive) created issue
            prasadp Prasad Pise (Inactive) made changes:
              Link: This issue relates to NF-2714 [ NF-2714 ]
            satyap Satya made changes:
              Assignee: Satya [ ID10004 ] → Santosh Balid [ santosh.balid ]
            santosh.balid Santosh Balid (Inactive) made changes:
              Item State: Parent values: Development (10200); Level 1 values: In Analysis (10204)
            santosh.balid Santosh Balid (Inactive) made changes:
              Remaining Estimate: 0h [ 0 ]
              Time Spent: 1h [ 3600 ]
              Worklog Id: 92707 [ 92707 ]
            santosh.balid Santosh Balid (Inactive) made changes:
              Time Spent: 1h [ 3600 ] → 8h [ 28800 ]
              Worklog Id: 93455 [ 93455 ]
            santosh.balid Santosh Balid (Inactive) made changes:
              Remaining Estimate: 0h [ 0 ] → 7h [ 25200 ]
              Time Spent: 8h [ 28800 ] → 1h [ 3600 ]
              Worklog Id: 93455 [ 93455 ]
              Worklog Time Spent: 7h [ 25200 ]
            santosh.balid Santosh Balid (Inactive) made changes:
              Status: Open [ 1 ] → In Development [ 10007 ]
            santosh.balid Santosh Balid (Inactive) made changes:
              Assignee: Santosh Balid [ santosh.balid ] → Prasad Pise [ prasadp ]
              Resolution: Cannot Reproduce [ 5 ]
              Status: In Development [ 10007 ] → Rejected [ 10004 ]
            vijayendra Vijayendra Shinde (Inactive) made changes:
              Link: This issue relates to DEV-13718 [ DEV-13718 ]

              People

              Assignee: prasadp Prasad Pise (Inactive)
              Reporter: prasadp Prasad Pise (Inactive)
              Votes: 0
              Watchers: 2


                  Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 7h
                  Time Spent: 1h