WORKTERRAProject Type: software

WORKTERRA

Uploaded image for project: 'WORKTERRA'
  1. WORKTERRA
  2. WT-3873

Verify OR logical condition with single quote for SQL Injection

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: BenAdmin
    • Labels:
      None
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete - Closed

      Description

      We need to verify OR condition for SQL injection. Scenario which was tried to save is as mentioned below-

      asdf' OR '1'='1

      We have verified OR with single quote and at least one space before and after OR.

        Attachments

        1. image006.png
          0.7 kB
          Samir
        2. WT-3873.doc
          268 kB
          Prasad Pise

          Activity

          Ascending order - Click to sort in descending order
          vijayendra Vijayendra Shinde (Inactive) created issue -
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Field Original Value New Value
          Assignee Vijay Siddha [ vijays ] Deepali Tidke [ deepalit ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status New Request [ 10029 ] Pending for Approval [ 10002 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Pending for Approval [ 10002 ] Approved for Development [ 10003 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Approved for Development [ 10003 ] In Development [ 10007 ]
          gokul.sonawane Gokul Sonawane (Inactive) made changes -
          Item State Parent values: LB QA(10201) Parent values: LB QA(10201)Level 1 values: LB Deployed(11600)
          deepalit Deepali Tidke (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: LB Deployed(11600) Parent values: LB QA(10201)Level 1 values: In Testing(10210)
          prasadp Prasad Pise (Inactive) made changes -
          Attachment WT-3873.doc [ 24007 ]
          prasadp Prasad Pise (Inactive) made changes -
          Attachment WT-3873.doc [ 24007 ]
          prasadp Prasad Pise (Inactive) made changes -
          Attachment WT-3873.doc [ 24507 ]
          deepalit Deepali Tidke (Inactive) made changes -
          Assignee Deepali Tidke [ deepalit ] Prasad Pise [ prasadp ]
          samir Samir made changes -
          Attachment image006.png [ 24732 ]
          prasadp Prasad Pise (Inactive) made changes -
          Attachment WT-3873.doc [ 24507 ]
          prasadp Prasad Pise (Inactive) made changes -
          Attachment WT-3873.doc [ 25623 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Assignee Prasad Pise [ prasadp ] Vijayendra Shinde [ ID10506 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: In Testing(10210) Parent values: LB QA(10201)Level 1 values: Re-open(10212)
          ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
          Item State Parent values: LB QA(10201)Level 1 values: Re-open(10212) Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602)
          ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
          Item State Parent values: Stage QA(10202)Level 1 values: Stage Deployed(11602) Parent values: Production QA(10203)Level 1 values: Production Deployed(10221)
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Prasad Pise [ prasadp ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Local Testing [ 10200 ] Reopen in Local [ 10018 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Reopen in Local [ 10018 ] In Development [ 10007 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Local Testing [ 10200 ] Pending for Stage Approval [ 10300 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Pending for Stage Approval [ 10300 ] Approved for Stage [ 10030 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Approved for Stage [ 10030 ] Stage Testing [ 10201 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Stage Testing [ 10201 ] Pending for Production Approval [ 10301 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Pending for Production Approval [ 10301 ] Approved for production [ 10034 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Approved for production [ 10034 ] Production Testing [ 10202 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Production Testing [ 10202 ] Production Complete [ 10028 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Item State Parent values: Production QA(10203)Level 1 values: Production Deployed(10221) Parent values: Production Complete(10222)Level 1 values: Closed(10223)
          prasadp Prasad Pise (Inactive) made changes -
          Status Production Complete [ 10028 ] Closed [ 6 ]

            People

            Assignee:
            prasadp Prasad Pise (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: