Blind SQL injection
Hi, upon testing our website using Acunetix, the scan detected blind SQL injection. How can we resolve it?
Currently have read below links. https://umbraco.com/products/umbraco-cms/security/ https://our.umbraco.org/forum/core/general/33257-Sql-Injection
Send us an email at [email protected] ?
Hi Sir Sebastiaan, copy Sir.
Hi Sir, already sent an email. Thank you.
Hi,
This is a false positive. These automatic scans will always yield false positives and it is your responsibility to verify that a real problem exists. This field is used for routing only and you can see the source code of where it is used here: https://github.com/umbraco/Umbraco-CMS/blob/dev-v7/src/Umbraco.Web/Mvc/RenderRouteHandler.cs
If you have details on specific ways to exploit a security issue please let us know @ [email protected]
Hi Sir Shannon,
Thank you for the fast response, these are all well noted. Will discuss with the team regarding these. Will let you know of any concerns on Umbraco regarding the testing of our site.
Thank you.
Hi Umbraco Security,
As per our Information Security, upon changing values on the hidden fields during testing, our system encountered errors. Is it acceptable?
Thank you.
Yes errors are fine, it's throwing exceptions because the data you are passing in to it isn't able to be decoded, unencrypted or parsed.
You should not rely on these automated tests and the errors they return, you should follow up with these concerns to see if you can actually exploit them.