Body Parameters accepted in query
Question
Our SharePoint 2013 on-premises web application went through a security assessment recently, and one of the risks highlighted by the testing was "Body Parameters accepted in query". The recommended fix suggested is: "Re-program the application to disallow handling of POST parameters that were listed in the Query". I tried researching this but was not able to get much help on the web.
The risk was also reported for some SharePoint OOTB pages like /_layouts/15/help.aspx, /_layouts/15/upload.aspx, etc.
Has anyone come across such a vulnerability?
Recommended answer
Tell those NudNiks that you're covered by the VPAT, and they can go pound sand.
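One way to apply the assessment's recommended fix without editing individual pages is an ASP.NET `IHttpModule` that refuses any request whose query string carries a field the application expects only in a POST body. This is an added example, not code from the original thread or from SharePoint; the class name `BodyOnlyParameterModule` and the contents of the `BodyOnly` list are assumptions to adapt to the fields your own forms post.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example: hypothetical module, not part of SharePoint.
public class BodyOnlyParameterModule : IHttpModule
{
    // Assumption: names this application only ever expects in a POST body.
    // These are standard ASP.NET / SharePoint hidden form fields; extend the
    // list with the form fields named in your own assessment report.
    private static readonly HashSet<string> BodyOnly =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "__VIEWSTATE", "__EVENTTARGET", "__EVENTARGUMENT",
            "__EVENTVALIDATION", "__REQUESTDIGEST"
        };

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // AllKeys can contain null for a key-less value such as "?foo".
        foreach (string key in ctx.Request.QueryString.AllKeys)
        {
            if (key != null && BodyOnly.Contains(key))
            {
                // A body-only field arrived in the URL: reject the request
                // instead of letting the page read it as if it were posted.
                ctx.Response.StatusCode = 400;
                ctx.Response.StatusDescription = "Body parameter in query string";
                ctx.ApplicationInstance.CompleteRequest();
                return;
            }
        }
    }

    public void Dispose() { }
}
```

The module has to be registered in the web application's `web.config` before it runs, and the `BodyOnly` list should be exercised in a test farm first, since a page that legitimately submits one of these fields with `method="get"` would be rejected.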