- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: None
- Component/s: Platform
- Labels: None
- Environment: Production
- Module: BenAdmin - Security
- Reported by: Support
- Item State: Production Complete
- Issue Importance: Must Have
Praetorian initially detected a SQL injection vulnerability after submitting a variety of malicious input parameters to the GetEmployees endpoint. Praetorian used SQL injection payloads that caused the application to show a noticeable difference in response time depending on the result of the injected SQL query (a time-based blind injection).

Page Name: Search Employee
Information Recovered: SQL Server version number, database version, server name
The system should not disclose this information to users.
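The root cause of a finding like this is user input concatenated into the query text, so that the search term becomes part of the SQL grammar. The following is an added illustration, not code from the BenAdmin application or from Praetorian's report: a minimal employee search written once the vulnerable way and once with bound parameters. The table schema, column names and sample rows are constructed, and SQLite stands in for SQL Server so the example runs offline; the parameter-binding principle is the same for any driver. It also escapes LIKE wildcards, which is a separate, smaller issue that the page does not raise but that a search endpoint should handle.

```python
import sqlite3

# Constructed sample data standing in for the employee table behind the
# GetEmployees endpoint (schema and rows are assumptions for this example).
SAMPLE_EMPLOYEES = [
    (1, "Alice Adams", "Finance"),
    (2, "Bob Brown", "Engineering"),
    (3, "Carol Clark", "Finance"),
]


def build_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, department TEXT)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", SAMPLE_EMPLOYEES)
    return conn


def search_employees_vulnerable(conn, term):
    """The pattern behind the finding: the search term is spliced into the
    statement, so quotes and keywords in it are parsed as SQL."""
    sql = "SELECT id, name FROM employees WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters so the term matches literally. This is about
    search correctness, not injection: binding alone does not neutralise % and _."""
    return (
        term.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_employees_safe(conn, term):
    """Hardened form: the statement text is fixed, the term is sent as a bound
    value. A quote or keyword in the input can only match rows literally and
    can never alter the query, so there is no channel to time or to read
    server metadata through."""
    sql = "SELECT id, name FROM employees WHERE name LIKE ? ESCAPE '\\'"
    pattern = "%" + escape_like(term) + "%"
    return conn.execute(sql, (pattern,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # A classic tautology, used here only to show the two functions diverge.
    tautology = "' OR '1'='1"
    print("vulnerable:", search_employees_vulnerable(db, tautology))  # every row
    print("safe:      ", search_employees_safe(db, tautology))       # no rows
    print("safe, real term:", search_employees_safe(db, "Adams"))
```

The parameterised version removes the injection entirely; the version and server-name disclosure noted above was reachable only through the injected query, so it disappears with it. Independently, the database login used by the application should hold only the rights the search needs, and error details should never reach the client.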