Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Platform
    • Labels:
      None
    • Environment:
      Production
    • Module:
      BenAdmin - Security
    • Reported by:
      Support
    • Item State:
      Production Complete
    • Issue Importance:
      Must Have

      Description

      Praetorian initially detected a SQL injection vulnerability after submitting a variety of malicious input
      parameters to the GetEmployees endpoint. Praetorian used SQL injection payloads that caused the
      application to demonstrate a noticeable difference in response time depending on the results of the
      provided SQL query.

      Page Name: Search Employee

      Information Recovered:
      SQL Server version number, Database version, Server name

      The system should not disclose this information to the user.


            People

            Assignee:
            prasadp Prasad Pise (Inactive)
            Reporter:
            vijayendra Vijayendra Shinde (Inactive)
            Votes:
            0
            Watchers:
            2
