BIRT SOAP Request can get tampered
zkhalid
Hi...
I need help regarding BIRT. I am using BIRT 2.3.2. I am using the frameset servlet as a web viewer for displaying reports. The problem is with the SOAP request that gets sent out within the frameset when you apply filters. The SOAP request can easily be tampered with using the Mozilla browser, which causes vulnerability issues.
Please suggest a solution for how to fix this.
Comments
Virgil Dodson
Hi zkhalid,

Can you provide more details about what you are doing... and what you mean by "when you apply filters" from the viewer?

If you believe there is something vulnerable that the viewer is allowing, please report that at Report Bugs - BIRT Exchange (http://www.birt-exchange.org/bug-reporting/).

I'm going to move this thread to the Deploying Forum.
zkhalid
Well, applying filters means this: I have set up some report parameters that an end user can change, which results in filtering the data. What I have done is, if you select any report parameter value other than null, I add the where clause to the queryText in the beforeOpen method.... Working fine. But I was surprised that in the web viewer, when you click OK in report parameters, a SOAP request is generated. Now what I can do is change the values in the SOAP request using the Mozilla browser and voilà, SQL injection....... Can you verify if this is an issue or not???
Virgil Dodson
Please report this to the link above so they can investigate.
Thanks
johnw
I'm not sure that I would classify this as a problem with BIRT so much as I would a problem with the report design. Any time you modify a SQL statement programmatically, you open yourself up to potential SQL injection attacks. This is why, by default, BIRT uses binding in the where clause, not dynamically generated where clauses.
If you're going to do dynamically generated where clauses in the beforeOpen event, then be sure to do input validation on input parameters (validate length, validate no special characters, etc.) in either the beforeOpen or validate events.
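The two report designs johnw contrasts, as an added stand-alone example (not code from the thread or from BIRT itself): the concatenating beforeOpen pattern beside a version that validates the parameter and hands it to the query as a bound value. BIRT's `this.queryText` and `params["customer"].value` are represented by plain objects here so the script runs outside the viewer.

```javascript
// Added example. The dataSet/params object shapes are assumed stand-ins for
// BIRT's `this.queryText` and `params["name"].value` inside a beforeOpen script.

const BASE_QUERY = "SELECT id, name FROM customers";

// Vulnerable pattern from the thread: the report parameter value is pasted
// straight into the WHERE clause, so whatever the viewer's SOAP request
// carries (tampered or not) becomes part of the SQL text.
function buildWhereUnsafe(baseQuery, paramValue) {
  if (paramValue === null) return baseQuery;
  return baseQuery + " WHERE name = '" + paramValue + "'";
}

// Hardened pattern: allowlist the value (length and character set, as the
// post recommends) and pass it as a bound parameter rather than as SQL text.
// The bind alone neutralises quoting; the allowlist is the extra check that
// rejects values the report never expects to see.
const NAME_RE = /^[A-Za-z0-9 ._-]{1,40}$/;

function validateName(paramValue) {
  if (paramValue === null) return null;
  if (typeof paramValue !== "string" || !NAME_RE.test(paramValue)) {
    throw new Error("invalid report parameter value");
  }
  return paramValue;
}

function buildWhereSafe(baseQuery, paramValue) {
  const value = validateName(paramValue);
  if (value === null) return { sql: baseQuery, binds: [] };
  return { sql: baseQuery + " WHERE name = ?", binds: [value] };
}

// What the beforeOpen handler would do with the hardened builder: rewrite the
// data set's query text and record the value to bind (field names assumed).
function beforeOpen(dataSet, params) {
  const built = buildWhereSafe(dataSet.queryText, params.customer.value);
  dataSet.queryText = built.sql;
  dataSet.bindValues = built.binds;
  return dataSet;
}
```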