-
Type:
Bug
-
Status: Closed
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Platform
-
Labels:None
-
Environment:QA
-
Module:Platform - Security
-
Reported by:Harbinger
-
Item State:Production Complete
-
Issue Importance:Must Have
-
Sprint:Bugs-Must Fix- Pilot July2016
1] Login to the application on local environment using following URL:
https://wt-stage.harbinger.in
2] From Home page search and select a company for which testing needs to be carried out using "Search Company" section.
3] Click on "Ben Admin" menu.
4] Click on "Customizer" icon from left navigation menu.
5] Click on "Rates" link which is submenu of "Customizer", user gets navigate to "Rates" details page.
6] Click on "Import" button displaying at top right hand side of the "Rates" page, the "Rate Import" window gets poped up, click on “Add New Rate” tab.
7] Browse the file new rate file.
8] Now browse a image or .exe/.dll file with whose extension is tampered. (i.e. extension changed to .xlsm/.xlsx)
9] Click on "Upload" button.
Actual Result:
Application is allowing to upload such files and when user click on “Import Rate” button the Server error is displaying.
Expected Result:
Not supported extensions files (.txt, .pdf, image files, executable files etc) should not be get uploaded after tampering the extension.
Hi Kunal Kedari,
I tried uploading attached file "TestRateUsedForTesting.xls" on Stage Austin for HSPL company. It uploaded successfully. Please refer attached snapshot "screenshot-1.png"
This is not an issue. Issue is not reproducible.
We can deploy this change to Production.
Kunal Kedari (Inactive)
added a comment - Hi Vijayendra Shinde ,
We can deploy this change to Production. Fix is verified on Production environment, working as expected. Closing the issue.
Kunal Kedari (Inactive)
added a comment - Fix is verified on Production environment, working as expected. Closing the issue. 
Hi Vijayendra Shinde,
Test file is attached with ticket.