MVC kendo Grid page Vulnerability

2 posts, 0 answers
  1. Roger
    1 posts
    Member since:
    Jan 2015

    Posted 13 Jan 2015

    Hi,
    I am trying to find a solution to fix the Kendo Grid's vulnerability; the vulnerability was found by the WebInspect vulnerability scanner.
    When the scanner sends an attack POST parameter like:

    sort=%0d%0aSPIHeader:%20SPIValue&page=1&pageSize=6&group=&filter=&AreaId=-1&DisciplineId=-1&FieldId=-1&MajorId=-1&Keyword=

    the scanner attacks the sort parameter, and I got an error, "DbSortClause expressions must have a type that is order comparable." That seems to be a problem with the sort parameter value, but I never assign the sort parameter.

    Another problem is that the scanner sends another attack parameter, "sort=&page=1%0d%0aSPIHeader:%20SPIValue&pageSize=6&group=&filter=&AreaId=-1&DisciplineId=-1&FieldId=-1&MajorId=-1&Keyword=",
    and I got an exception:
     System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +14345541

    It seems to be another Poor Error Handling issue in the Kendo Grid.

    Can anyone give me some suggestions to fix these problems?

    Thanks, Regards,
    Roger Hsu
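
An added example, not part of the original post and not Telerik's code: one way to reject malformed grid parameters (for instance with an HTTP 400) before they reach model binding or the query provider, so probes like the ones above do not surface as unhandled exceptions. The `GridRequestGuard` name, the page-size limit, the allow-list of sortable fields and the `Field-asc~Other-desc` sort format are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.Linq;

// Hypothetical helper (not part of Kendo UI): checks the raw grid parameters
// before they reach model binding or the LINQ provider.
public static class GridRequestGuard
{
    private const int MaxPageSize = 100; // assumed upper bound

    // Returns null when the request is acceptable, otherwise a short reason.
    public static string Validate(NameValueCollection form, ISet<string> sortableFields)
    {
        // Control characters (such as the scanner's %0d%0a) are never valid here.
        foreach (string key in form.AllKeys)
            if ((form[key] ?? "").Any(char.IsControl))
                return "Control character in parameter '" + key + "'.";

        // Digits only: no signs, whitespace or trailing text after the number.
        if (!IsIntInRange(form["page"], 1, int.MaxValue) ||
            !IsIntInRange(form["pageSize"], 1, MaxPageSize))
            return "page and pageSize must be integers in range.";

        // Assumed wire format: "Field-asc~Other-desc"; empty means no sort.
        string sort = form["sort"] ?? "";
        foreach (string clause in sort.Split(new[] { '~' }, StringSplitOptions.RemoveEmptyEntries))
        {
            int dash = clause.LastIndexOf('-');
            string field = dash > 0 ? clause.Substring(0, dash) : "";
            string dir = dash > 0 ? clause.Substring(dash + 1) : "";
            // Only fields the application explicitly allows may be sorted on.
            if (!sortableFields.Contains(field) || (dir != "asc" && dir != "desc"))
                return "Unsupported sort clause.";
        }
        return null;
    }

    private static bool IsIntInRange(string raw, int min, int max)
    {
        int value;
        return int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out value)
               && value >= min && value <= max;
    }
}
```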

  2. Dimo
    Admin
    8472 posts

    Posted 16 Jan 2015

    Hello Roger,

    In order to benefit from our support service, your account must be in good standing and be associated with an active commercial or trial license.

    Regards,
    Dimo
    Telerik