Tracker Comment Comment on Body Ignored in CFHTTP DELETE by Peter v.
Tracker Issue SQLi allowed inside any cfif
2673389 CF-4126656 Security Analyzer Peter Freitag SQLi allowed inside any cfif Duplicate ID: CF-4026201
Problem Description: If you wrap a variable with a it will not flag SQLi
Steps to Reproduce:
SELECT * FROM table
ORDER BY #url.sort#
Actual Result: Nothing
Tracker Issue Server timeout
2673512 CF-4126466 Language : Application Framework Frédéric Peters Server timeout Problem Description:
a page with http-equiv refresh generates this:
Server Timeout
body {
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSU
(...)
Server
2673386 CF-4126661 Security Analyzer Peter Freitag OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS Duplicate ID: CF-4026100
Problem Description: The encodeForHTML function is designed to be used in the body of an HTML tag only, not in an HTML attribute, not in CSS
2673388 CF-4126659 Security Analyzer Peter Freitag Security Analyzer XSS Warning on XmlFormat HTMLEditFormat Duplicate ID: CF-4026103
Problem Description: If I set url.id = Int(url.id) and then output XmlFormat(url.id) HTMLEditFormat(url.id) and simply #url.id# -- no warning is triggered for #url
Tracker Issue query without cfqueryparam strange behaviour
2673548 CF-4126422 Language Frédéric Peters query without cfqueryparam strange behaviour Problem Description:
SELECT * , Products.titre,Products.CategoryID, Products.cptxt
FROM NewPhotos
INNER JOIN Products on Products.ItemID = NewPhotos.ItemID
where NewPhotos.ItemID = 224888
==> #query1