
Web Parameter Tampering on /login?errorMsg #20216

Closed
@MauroEldritch


What kind of request is this (question/bug/enhancement/feature request): Enhancement

Steps to reproduce (least amount of steps as possible):

/login?errorMsg=%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67%2f%69%6e%64%65%78%2e%70%68%70%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f%54%61%6d%70%65%72%69%6e%67

Result: It will display a link to OWASP Wiki explaining Web Parameter Tampering.

Other details that may be helpful: Tags are effectively filtered.

Environment information

  • Rancher version (rancher/rancher/rancher/server image tag or shown bottom left in the UI): 2.1.4
  • Installation option (single install/HA): *

Cluster information

  • Cluster type (Hosted/Infrastructure Provider/Custom/Imported):
  • Machine type (cloud/VM/metal) and specifications (CPU/memory):
  • Kubernetes version (use kubectl version):
N/A
  • Docker version (use docker version): *
N/A
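
An added example, not part of the original issue and not Rancher's code: it models the reported behaviour (the decoded `errorMsg` value is displayed) next to a handler that treats `errorMsg` as a key into a fixed message table. The function names, the error keys and message texts, and the `rancher.example` base host are assumptions made for illustration.

```javascript
// Added example; hypothetical names throughout, not Rancher's implementation.
const BASE = 'https://rancher.example'; // placeholder host, only used to parse the path

// Hypothetical table of the only messages the login page may show.
const LOGIN_ERRORS = new Map([
  ['invalid_credentials', 'Invalid username or password.'],
  ['session_expired', 'Your session has expired. Please log in again.'],
]);
const FALLBACK = 'Login failed.';

// Model of the reported behaviour: the query value is displayed as received.
// URLSearchParams percent-decodes it, so encoded text arrives readable.
function reflectedMessage(loginUrl) {
  return new URL(loginUrl, BASE).searchParams.get('errorMsg');
}

// Hardened form: the parameter selects a message, it never supplies one.
// Unknown values get a generic fallback and are flagged so the caller can log them.
function resolveLoginError(loginUrl) {
  const params = new URL(loginUrl, BASE).searchParams;
  if (!params.has('errorMsg')) {
    return { message: null, rejected: false };
  }
  const key = params.get('errorMsg');
  if (LOGIN_ERRORS.has(key)) {
    return { message: LOGIN_ERRORS.get(key), rejected: false };
  }
  return { message: FALLBACK, rejected: true };
}

// The request from the issue's steps to reproduce, verbatim.
const ISSUE_REQUEST =
  '/login?errorMsg=%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6f%77%61%73%70%2e%6f%72%67' +
  '%2f%69%6e%64%65%78%2e%70%68%70%2f%57%65%62%5f%50%61%72%61%6d%65%74%65%72%5f' +
  '%54%61%6d%70%65%72%69%6e%67';

console.log('reflected:', reflectedMessage(ISSUE_REQUEST));
console.log('hardened :', resolveLoginError(ISSUE_REQUEST));
console.log('known key:', resolveLoginError('/login?errorMsg=session_expired'));
```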

Labels: area/api, kind/bug (Issues that are defects reported by users or that we know have reached a real release)
