This is a migrated thread and some comments may be shown as answers.

MVC kendo Gird page Vulnerability

1 Answer 89 Views
Grid
This is a migrated thread and some comments may be shown as answers.
Roger
Top achievements
Rank 1
Roger asked on 13 Jan 2015, 02:54 PM
Hi,
I am try to looking for the solution to fix  kendo Grid's vulnerability, the vulnerability had find by WebInpsect vulnerability scanner.
when the scanner send a attack post parameter like:

sort=%0d%0aSPIHeader:%20SPIValue&page=1&pageSize=6&group=&filter=&AreaId=-1&DisciplineId=-1&FieldId=-1&MajorId=-1&Keyword=

the scanner attack sort parameter,  I got a error  "DbSortClause expressions must have a type that is order comparable.", that seems sort parameter value problem, but I never assign sort parameter,

another problem is the scanner send another attach paramter "sort=&page=1%0d%0aSPIHeader:%20SPIValue&pageSize=6&group=&filter=&AreaId=-1&DisciplineId=-1&FieldId=-1&MajorId=-1&Keyword="
I got a exception 
 System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +14345541

It's seems another Poor Error Handling issue in kendo grid.

Can any one give me some suggestion to fix those problems ?

Thanks, Regards,
Roger Hsu










1 Answer, 1 is accepted

Sort by
0
Dimo
Telerik team
answered on 16 Jan 2015, 09:48 AM
Hello Roger,

In order to benefit from our support service, your account must be in good standing and be associated with an active commercial or trial license.

Regards,
Dimo
Telerik

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

Tags
Grid
Asked by
Roger
Top achievements
Rank 1
Answers by
Dimo
Telerik team
Share this question
or