-
Type:
Enhancement
-
Status: Closed
-
Priority:
Medium
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Platform
-
Labels:None
-
Module:Platform
-
Reported by:Support
-
Item State:Production Complete - Closed
-
Issue Importance:Must Have
- is caused by
-
WT-5315 PSMC in Stage - Ghost Record Issue
-
- Production Complete
-
Please check this fix after patch deployment
Prasad Pise Please chech security point.
Rashmita Dudhe Test this after deployment.
Verified on LB environment consider below scenario.
1]Import Employee with single quote Email address, name
2]Login to the system with generated User name like o'donald.test121172
3]adding employee through UI
4] also login to the system with generated user name.
Working fine.
Verified on Stage environment consider below scenario.
1]Import Employee with single quote Email address, name
2]Login to the system with generated User name like o'donald.test121172
3]adding employee through UI
4] also login to the system with generated user name.
Working fine.
Verified issue on Stage and Production environment for "User Name" field on login page. Tried with various SQL injections of different Payloads/inputs. No vulnerability found till now. WT_5525_SQLInjectionTest.xls
Verified on Production environment consider below scenario.
1]Import Employee with single quote Email address, name
2]Login to the system with generated User name like o'donald.test121172
3]adding employee through UI
4] also login to the system with generated user name.
Working fine.
We need to verify all logins for this fix to ensure logins on production.
Again, this fix needs to be tested for Security of Blind SQL injection.