Describe the bug
It has been evidenced that the "rows" parameter in "/admin/XXXXXXXX/jsonGrid" queries is vulnerable to SQL injection attacks; this would allow an attacker to extract sensitive and relevant information stored in the database.
To Reproduce
Steps to reproduce the behavior:
The following illustration shows the evidence of the server response with a SQL error when providing a single quotation mark in the "rows" parameter, returning the query being performed by the application:
Through an automated tool, it is shown that a remote and unauthenticated attacker would be able to identify two possible types of SQL injections and extract the databases.
Expected behavior
This resource should not be visible to unauthenticated users in the application (reported in issue 259).
On the other hand, mitigation guidelines should be followed:
Use pre-built statements, parameterized queries or stored procedures to ensure that SQL elements in user input fields are never treated as genuine queries.
Validate user input using an allow list to prevent unwanted data from being sent to the database.
Display only generic error messages to users (hackers can get a lot of information from specific error messages related to failed queries).
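As an added illustration of the three guidelines above (example code, not from the issue or the affected project): a hypothetical handler for a grid's "rows" page-size parameter, first in the concatenating form the report describes and then hardened with allow-list validation, a bound parameter and generic error responses. The items table, the MAX_ROWS ceiling and all function names are constructed for this example.

```python
import re
import sqlite3

MAX_ROWS = 100  # hypothetical page-size ceiling for the grid


def make_db():
    # Constructed sample table standing in for the grid's backing data (not the project's schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items (name) VALUES (?)", [("a",), ("b",), ("c",), ("d",)])
    return conn


class BadRequest(Exception):
    """Raised for rejected input; the caller maps it to a generic response."""


def parse_rows(raw):
    # Allow-list: "rows" is a page size, so only a short run of ASCII digits is accepted,
    # and the value must fall in a sane range before it reaches the database.
    if not isinstance(raw, str) or re.fullmatch(r"[0-9]{1,4}", raw) is None:
        raise BadRequest("rows is not a decimal integer")
    rows = int(raw)
    if not 1 <= rows <= MAX_ROWS:
        raise BadRequest("rows out of range")
    return rows


def json_grid_vulnerable(conn, raw_rows):
    # The pattern the report describes: input concatenated into SQL. A stray quotation
    # mark turns into a syntax error whose text reveals the query being executed.
    sql = "SELECT id, name FROM items ORDER BY id LIMIT " + raw_rows
    return [{"id": r[0], "name": r[1]} for r in conn.execute(sql)]


def json_grid_hardened(conn, raw_rows):
    # Validated integer bound to a placeholder; SQLite accepts a parameter in LIMIT.
    rows = parse_rows(raw_rows)
    cur = conn.execute("SELECT id, name FROM items ORDER BY id LIMIT ?", (rows,))
    return [{"id": r[0], "name": r[1]} for r in cur]


def handle_request(conn, raw_rows):
    # Generic error messages: neither the validator's reason nor the driver's
    # exception text is echoed back to the client.
    try:
        return {"status": 200, "rows": json_grid_hardened(conn, raw_rows)}
    except BadRequest:
        return {"status": 400, "error": "Bad request"}
    except sqlite3.Error:
        return {"status": 500, "error": "Internal error"}
```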