Bug
Malicious request with arbitrary query parameter
Issue description
When anonymous users may create instances of a topic type TT, a GET request to .form crafted with malicious intent is not reported, and it is unclear what else happens and whether the system is compromised. The attack is attempted with an additional query parameter, a short random character sequence, e.g. XmHU. The value of this parameter is an attack payload with numerous injection attempts (SQL, path & XSS).
Developer comments
The system behaves well. The form is displayed as it should be. The URL looks funny, but neither SQL injection nor script injection has any effect. So no action is required. The index does not display, but rather throws a JavaScript error.
For this attack to succeed, there would need to be an iteration over all query parameters, which there is not and will never be server side. Still, returning a 400 for that should be considered.
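The allowlist check the developer comment proposes, as an added example in Python (not the project's own code): any query parameter name not declared for the endpoint is rejected with 400 and logged, without ever inspecting the payload value. The endpoint's declared parameter names (`type`, `lang`) and the sample request are assumptions constructed for the example.

```python
import logging
import re
from urllib.parse import parse_qsl

log = logging.getLogger("query-guard")

# Hypothetical allowlist of query parameters per endpoint; the real
# parameter names of the .form endpoint are not given in the report.
ALLOWED_PARAMS = {".form": {"type", "lang"}}

MAX_FIELDS = 64                           # bound parsing work up front
_SAFE_NAME = re.compile(r"[^A-Za-z0-9_.-]")  # what may reach the log


def check_query(path: str, query: str, allowlist=ALLOWED_PARAMS):
    """Return (status, detail) for a request's raw query string.

    A parameter name not declared for the endpoint yields 400 and a log
    line, so the attempt is reported. The value is neither interpreted
    nor logged verbatim: the allowlist makes its content irrelevant, and
    keeping it out of the log denies the same payload a log-injection path.
    """
    declared = allowlist.get(path)
    if declared is None:
        return 404, "unknown endpoint"
    try:
        # keep_blank_values so a bare "?XmHU" (no '=') is still seen.
        params = parse_qsl(query, keep_blank_values=True,
                           max_num_fields=MAX_FIELDS)
    except ValueError:
        log.warning("path=%s rejected: more than %d query fields", path, MAX_FIELDS)
        return 400, "too many query parameters"
    unknown = sorted({name for name, _ in params if name not in declared})
    if unknown:
        for name in unknown:
            shown = _SAFE_NAME.sub("?", name)[:32]        # printable, bounded
            vlen = sum(len(v) for n, v in params if n == name)
            log.warning("path=%s rejected: undeclared parameter %r (value chars=%d)",
                        path, shown, vlen)
        return 400, "undeclared query parameter(s): " + ", ".join(
            _SAFE_NAME.sub("?", n)[:32] for n in unknown)
    return 200, "ok"


if __name__ == "__main__":
    # Constructed request shaped like the one in the report: a declared
    # parameter plus a short random name carrying an injection-style value.
    logging.basicConfig(level=logging.WARNING)
    print(check_query(".form", "type=TT"))
    print(check_query(".form", "type=TT&XmHU=%27%20OR%201%3D1--%3Cscript%3E"))
```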
Work sessions
Start | 2022-10-18T10:31:13
End | 2022-10-18T10:34:15
Participant | Robert Cerny