[jira] [Commented] (FINERACT-1338) SQL Injection - While "runreports" api is trying to load report parameters

Fri, 30 Apr 2021 12:28:04 -0700 


    [ 
https://issues.apache.org/jira/browse/FINERACT-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17337584#comment-17337584
 ] 

Francis Guchie commented on FINERACT-1338:
------------------------------------------

Dear Kamlesh and all,

If you are deploying fineract-provider.war that is to say with tomcat, then
for every update of the war file you use you will have to delete the folder
namely C:\tomcat\webapps\fineract-provider. Reason is that for every first
time deployment of the war file, the folder is created and files added.
Subsequent restarts of the tomcat may or not change much in this folder

So for both my Windows and Linux servers, i always delete the deployed
folder when i change the fineract-provider.war for whatever reason


My Kind Regards

Francis Guchie Kirago
*Skype:* francisguchie
*Telegram: *232 79 19 44 07
*Whatsapp: *232 79 19 44 07
*LINKEDIN:* https://www.linkedin.com/in/francis-guchie-kirago-a4379617/
twitter: @FrancisGuchie












> SQL Injection - While "runreports" api is trying to load report parameters
> --------------------------------------------------------------------------
>
>                 Key: FINERACT-1338
>                 URL: https://issues.apache.org/jira/browse/FINERACT-1338
>             Project: Apache Fineract
>          Issue Type: Bug
>            Reporter: Francis Guchie
>            Assignee: Francis Guchie
>            Priority: Major
>         Attachments: image-2021-03-31-15-53-00-571.png, 
> image-2021-04-04-15-56-40-189.png
>
>
> After solving the error at FINERACT-1336 a new error shows up. 
> while api - runreports
> fineract-provider/api/v1/runreports/OfficeIdSelectOne?parameterType=true
> is spooling the report parameters, user will not see any error on the UI 
> !image-2021-03-31-15-53-00-571.png!
> but looking through the console OR postman you see error below
> {
>     "developerMessage": "The request was invalid. This typically will happen 
> due to validation errors which are provided.",
>     "httpStatusCode": "400",
>     "defaultUserMessage": "Unexpected SQL Commands found",
>     *"userMessageGlobalisationCode": "error.msg.found.sql.injection"*
> }



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to