[Multiple File Upload] FOD detects redirect vulnerability

Published on 19 Sep (4 weeks ago) by Caio Santana Magalhães

Hello,

We are using the HP FOD tool for vulnerability testing. MultipleFileUpload ProcessFiles.aspx.cs was identified as having a possible breach because of redirect() use on line 515 (-- Response.Redirect(redirectUrl); --).


Is there anything you can help us with (patch, workaround, arguments) so that we can solidly argue with the FOD team?

We are using OutSystems 10.0.604.0

Thank you in advance for the time you may invest on this matter.

Fernando Gameiro


Hi Fernando,


This is similar to the reply that Justin James gave you in the CKEditor question:

https://www.outsystems.com/forums/discussion/27436/fod-detects-redirect-vulnerability/#Post100897

By the way, do you have more feedback regarding those FOD warnings?

How did the solutions provided in the similar posts work?

https://www.outsystems.com/forums/discussion/27439/fod-detects-redirect-vulnerability-html2topdfconverter/#Post100921

https://www.outsystems.com/forums/discussion/27438/fod-detects-redirect-vulnerability-officeutilssample/#Post100903


Best regards,

Daniel Martins


Hello Daniel,

This is not solvable. We need the components and Fortify does see the redirect. The only possible solution is to remove the redirect... Fortify doesn't see the test block involving the redirect, nor does the Fortify team care much about that.

We are opening a security exception according to the company policies.

Thank you all for the help.