Vulnerability OSSESSIONID - SQL Injection

Vulnerability OSSESSIONID - SQL Injection

  

Hi there,

I am wondering (i do not have knowledge on security): if the OSSESSIONID is known using a hacking tool (say it Burp), can it be used to SQL injection? 

regards,

Hi Pasar,

If you have no knowledge on security, why do you think having a session ID allows SQL injection? SQL injection can occur when you put external input (e.g. from user input or REST service) directly in a SQL query, but I fail to see what this has to do with the session ID?

hi Sir,

Thank you, it comes from Security Company that is hired. I have called them to demo the vulnerability, may be Monday they will come.. hopefully they are wrong.

thank you.

Solution

Well, if they do find a vulnerability, I'd advise you to contact OutSystems Support.

Solution