Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Platform
    • Labels:
      None
    • Environment:
      Production
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete
    • Issue Importance:
      Must Have

      Description

      Praetorian initially detected a SQL injection vulnerability after submitting a variety of malicious input
      parameters to the GetEmployees endpoint. Praetorian used SQL injection payloads that caused the
      application to demonstrate a noticeable difference in response time depending on the results of the
      provided SQL query.

      Page Name: Search Employee

      Information Recovered:
      SQL Server version number, Database version, Server name

      The system should not disclose this information to the user.

          Activity

          vijayendra Vijayendra Shinde (Inactive) created issue -
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Field Original Value New Value
          Assignee Amnesh Goel [ amnesh.goel ] Vijayendra Shinde [ ID10506 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Status Open [ 1 ] In Development [ 10007 ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Assignee Vijayendra Shinde [ ID10506 ] Prasad Pise [ prasadp ]
          vijayendra Vijayendra Shinde (Inactive) made changes -
          Item State Parent values: Development(10200) Level 1 values: Ready for Local Testing(10209) Parent values: Production QA(10203) Level 1 values: Production Deployed(10221)
          gokul.sonawane Gokul Sonawane (Inactive) made changes -
          Item State Parent values: Production QA(10203) Level 1 values: Production Deployed(10221) Parent values: Stage QA(10202) Level 1 values: Stage Deployed(11602)
          rakeshr Rakesh Roy (Inactive) made changes -
          Status In Development [ 10007 ] Local Testing [ 10200 ]
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Local Testing [ 10200 ] Stage Testing [ 10201 ]
          ashwin.wankhede Ashwin Wankhede (Inactive) made changes -
          Item State Parent values: Stage QA(10202) Level 1 values: Stage Deployed(11602) Parent values: Production QA(10203) Level 1 values: Production Deployed(10221)
          khandu.kshirsagar Khandu Kshirsagar (Inactive) made changes -
          Item State Parent values: Production QA(10203) Level 1 values: Production Deployed(10221) Parent values: LB QA(10201) Level 1 values: LB Deployed(11600)
          rakeshr Rakesh Roy (Inactive) made changes -
          Item State Parent values: LB QA(10201) Level 1 values: LB Deployed(11600) Parent values: Production QA(10203) Level 1 values: Production Deployed(10221)
          rakeshr Rakesh Roy (Inactive) made changes -
          Status Stage Testing [ 10201 ] Production Testing [ 10202 ]
          prasadp Prasad Pise (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status Production Testing [ 10202 ] Production Complete [ 10028 ]
          prasadp Prasad Pise (Inactive) made changes -
          Status Production Complete [ 10028 ] Closed [ 6 ]
          prasadp Prasad Pise (Inactive) made changes -
          Item State Parent values: Production QA(10203) Level 1 values: Production Deployed(10221) Parent values: Production Complete(10222)
          satyap Satya made changes -
          Environment_New Production [ 18442 ]

            People

            Assignee:
            prasadp Prasad Pise (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Votes:
            0
            Watchers:
            2

              Dates

              Created:
              Updated:
              Resolved: