查询中接受的正文参数 [英] Body Parameters accepted in query

问题描述

我们的Sharepoint 2013 on premise Web应用程序最近进行了安全评估，测试中突出显示的风险之一是"查询中接受的正文参数"。其中建议的修复建议是 - "重新编程
应用程序以禁止处理查询中列出的POST参数"。我尝试过对此进行研究，但无法在网上获得太多帮助。

Our Sharepoint 2013 on premise web application went through a security assessment recently and one of the risk highlighted from the testing was "Body Parameters accepted in query". Wherein the recommended fix suggested is - "Re-program the application to disallow handling of POST parameters that were listed in the Query". I tried researching on this but was not able to get much help on the web.

还报告了某些共享点OOTB页面的风险，例如  / _ layouts / 15 / help.aspx，  ; / _ layouts / 15 / upload.aspx等。

The risk was also reported for some sharepoint OOTB pages like /_layouts/15/help.aspx , /_layouts/15/upload.aspx etc.

有没有人遇到过这样的漏洞？

Has anyone come across such vulnerability?

推荐答案

告诉那些NudNiks你是否被VPAT所覆盖，并且他们可以砸沙子。

Tell those NudNiks that you're covered by the VPAT, and they can go pound sand.

这篇关于查询中接受的正文参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！