This is a migrated thread and some comments may be shown as answers.

MVC Kendo Grid page vulnerability

Roger asked on 13 Jan 2015, 02:54 PM
Hi,
I am trying to find a solution to fix a Kendo Grid vulnerability that was found by the WebInspect vulnerability scanner.
When the scanner sends an attack POST parameter like:

sort=%0d%0aSPIHeader:%20SPIValue&page=1&pageSize=6&group=&filter=&AreaId=-1&DisciplineId=-1&FieldId=-1&MajorId=-1&Keyword=

The scanner attacks the sort parameter, and I got an error "DbSortClause expressions must have a type that is order comparable." That seems to be a sort parameter value problem, but I never assign the sort parameter.

Another problem is that the scanner sends another attack parameter: "sort=&page=1%0d%0aSPIHeader:%20SPIValue&pageSize=6&group=&filter=&AreaId=-1&DisciplineId=-1&FieldId=-1&MajorId=-1&Keyword="
I got an exception:
 System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +14345541

It seems to be another Poor Error Handling issue in Kendo Grid.

Can anyone give me some suggestions to fix these problems?

Thanks, Regards,
Roger Hsu

Dimo
Telerik team
answered on 16 Jan 2015, 09:48 AM
Hello Roger,

In order to benefit from our support service, your account must be in good standing and be associated with an active commercial or trial license.

Regards,
Dimo
Telerik
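
An added example, not part of the original thread and not Telerik code: one way to reject the two malformed requests quoted in the question with a validation message instead of an unhandled exception. It assumes the check runs before the values reach the grid binding code, that `sort` uses a `Field-dir` form with `~` between entries, and that the field allowlist and the 1 to 1000 range are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.Web;

public static class GridRequestValidator
{
    // Hypothetical allowlist: the columns this grid may be sorted by.
    static readonly HashSet<string> SortableFields =
        new HashSet<string>(StringComparer.Ordinal) { "Keyword", "AreaId", "MajorId" };

    // Returns null when the parameters are acceptable, otherwise the reason to reject.
    public static string Validate(NameValueCollection form)
    {
        foreach (var name in new[] { "page", "pageSize" })
        {
            int n;
            var raw = form[name];
            // TryParse never throws; NumberStyles.None accepts digits only,
            // so "1\r\nSPIHeader: SPIValue" is rejected rather than causing a 500.
            if (raw == null
                || !int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out n)
                || n < 1 || n > 1000)
                return name + " must be an integer between 1 and 1000";
        }
        var sort = form["sort"];
        if (string.IsNullOrEmpty(sort)) return null; // no sort requested
        foreach (var part in sort.Split('~'))
        {
            var idx = part.LastIndexOf('-');
            var field = idx > 0 ? part.Substring(0, idx) : "";
            var dir = idx > 0 ? part.Substring(idx + 1) : "";
            // Only known column names and directions ever reach the query layer.
            if (!SortableFields.Contains(field) || (dir != "asc" && dir != "desc"))
                return "sort contains an unknown field or direction";
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample bodies, shortened from the two requests in the question.
        var bodies = new[] {
            "sort=%0d%0aSPIHeader:%20SPIValue&page=1&pageSize=6",
            "sort=&page=1%0d%0aSPIHeader:%20SPIValue&pageSize=6",
            "sort=Keyword-asc&page=1&pageSize=6" };
        foreach (var b in bodies)
            Console.WriteLine((Validate(HttpUtility.ParseQueryString(b)) ?? "ok") + "  <- " + b);
    }
}
```

A caller would answer a non-null result with HTTP 400 and a generic message, so the scanner's probe no longer surfaces a stack trace.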
