[Multiple File Upload] FOD detects redirect vulnerability

[Multiple File Upload] FOD detects redirect vulnerability

Forge Component
Published on 2016-09-06 by - -
33 votes
Published on 2016-09-06 by - -


We are using HP FOD tool for vulnerability testing. MultipleFileUpload ProcessFiles.aspx.cs was identified as having a possible breach because of redirect() use on line 515 (-- Response.Redirect(redirectUrl); --).

His there anything you can help us with (patch, workarround, arguments) so that we can solidly argument with the FOD team?

We are using Outsystems 10.0.604.0

Thank you in advance for the time you may invest on this matter.

Fernando Gameiro

Hi Fernando,

This is similar to the reply that Justin James gave you in CKEditor question:


By the way, do you have more feedback regarding that FOD warnings?

How did work the solutions provided in the similar posts?



Best regards,

Daniel Martins

Hello Daniel,

this is not solvable. We need the components and Fortify does see the redirect. The only possible solution is to remove redirect... Fortify doesn't see the test block involving the redirect, neither the Fortify team cares much about that.

We are opening a security exception according to the company policies.

Thank you all for the help.