paresh gugale
Access Control : Database
Jul 1 2015 7:44 AM
In the website I can access some data from the database. That data is also uploaded.
But at the time of the security audit it gives the problem below:
Upload.aspx.cs, line 35 (Access Control: Database)
Fortify Priority: High
Folder High
Kingdom: Security Features
Abstract: Without proper access control, the method Button1_Click() in Upload.aspx.cs can execute a SQL statement on line 35 that contains an attacker-controlled primary key, thereby allowing the attacker to access unauthorized records.
Source: Upload.aspx.cs:28 System.Web.UI.WebControls.TextBox.get_Text()
26 protected void Button1_Click(object sender, EventArgs e)
27 {
28 string des = ReplaceNewLines(TextBox1.Text, true);
29
30 using (SqlConnection con = new SqlConnection(constr))
Sink: Upload.aspx.cs:35 System.Data.SqlClient.SqlParameterCollection.AddWithValue()
33 {
34 cmd.CommandText = "update messages set msg=@msg where mperson=@mperson";
35 cmd.Parameters.AddWithValue("@msg", des);
36 cmd.Parameters.AddWithValue("@mperson", DropDownList1.SelectedValue.ToString());
37 cmd.Connection = con;
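
The finding quoted above concerns authorization, not injection: the statement is already parameterized, but the @mperson key is taken from the posted form with no check that the signed-in user may update that row. One way to add that check, as an added example that is not part of the original post (the allow-list data, MayEdit and BuildUpdate are hypothetical, and the caller is assumed to pass User.Identity.Name as the authenticated user):

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

static class MessageUpdate
{
    // Constructed sample data (assumption): the mperson keys each signed-in user may edit.
    // On a real site this is loaded server-side, never taken from the posted form.
    static readonly Dictionary<string, HashSet<string>> Allowed =
        new Dictionary<string, HashSet<string>>
        {
            { "alice",   new HashSet<string> { "alice" } },
            { "manager", new HashSet<string> { "alice", "bob" } },
        };

    // Hypothetical helper: true only if the authenticated user is permitted to touch this key.
    public static bool MayEdit(string authenticatedUser, string requestedPerson)
    {
        HashSet<string> keys;
        return !string.IsNullOrEmpty(authenticatedUser)
            && !string.IsNullOrEmpty(requestedPerson)
            && Allowed.TryGetValue(authenticatedUser, out keys)
            && keys.Contains(requestedPerson);
    }

    // Builds the UPDATE from the page only after the check passes.
    // In Button1_Click this would be called with User.Identity.Name,
    // DropDownList1.SelectedValue and the cleaned TextBox1 text.
    public static SqlCommand BuildUpdate(string authenticatedUser, string requestedPerson, string msg)
    {
        if (!MayEdit(authenticatedUser, requestedPerson))
            throw new UnauthorizedAccessException("User may not update this record.");

        var cmd = new SqlCommand("update messages set msg=@msg where mperson=@mperson");
        cmd.Parameters.AddWithValue("@msg", msg);
        cmd.Parameters.AddWithValue("@mperson", requestedPerson);
        return cmd;
    }

    static void Main()
    {
        // Permitted: "manager" is allowed to edit bob's row.
        Console.WriteLine(BuildUpdate("manager", "bob", "hello").CommandText);
        // Rejected before any SQL is built: "alice" may only edit her own row.
        try { BuildUpdate("alice", "bob", "hello"); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("Denied: " + ex.Message); }
    }
}
```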