Bug #12300: [BIF-19508] CI-Portal Disabled input can still be Inject on the server application - BIFAST Internal Testing (SIT) - Penril Support System

Bug #12300

[BIF-19508] CI-Portal Disabled input can still be Inject on the server application

Added by Siti Norahayu Mohd Desa about 3 years ago. Updated about 3 years ago.

Status:

Work Completed-End life cycle

Start date:

September 07, 2021

Priority:

Normal

Due date:

September 08, 2021

Assignee:

Siti Norahayu Mohd Desa

% Done:

100%

Category:

Spent time:

2.00 hours

Target version:

Description

Findings: in several menu, user can change disabled inputs

In "edit" or "update" screens, there are several fields that is disabled / not expected to be changed by the user. But by using inspector, we could removing disabled="disabled", edit the field and the server saves the new field value.

Impacted menu that we found during the test:

Admin user maintenance
Participant maintenance
Participant group maintenance

Note: because of conflicting change with Functional SIT testing, we couldn't verify all function of this bug. We hope the developer can analyze the application fully, not only the three menu that we found out above.

Steps:

Open the enquiry screen of the function, search and click on edit / pencil button.
By using inspector, remove disabled="disabled", edit the field value
click Next button
If in the confirmation screen the field is reset, repeat step 2 in the confirmation screen
click Confirm button
Verify bu using the view / eye button from enquiry screen

Recommendation: All disabled fields should be rejected by the server (need update to server-processing logic)

History

#1 Updated by Ngoh Chee Ping about 3 years ago

Status changed from New - Begin Life Cycle to Internal Testing
Assignee changed from Ngoh Chee Ping to Siti Norahayu Mohd Desa
% Done changed from 0 to 100

Fixed , will be deploy to version 2.0.36

#2 Updated by Siti Norahayu Mohd Desa about 3 years ago

Status changed from Internal Testing to User Acceptance Test

Send for user retest.

#3 Updated by Siti Norahayu Mohd Desa about 3 years ago

Description updated (diff)

#4 Updated by Siti Norahayu Mohd Desa about 3 years ago

Status changed from User Acceptance Test to Work Completed-End life cycle

Issue have been closed by Pandu on 07 Sept 2021

Also available in: Atom PDF

A- Active Projects » BI FAST » BIFAST Internal Testing (SIT)

Issues