Message Boards
Cross Site Scripting (Reflected) and SQL Injection in liferay dxp
Rayappa Hattarwat, modified 4 Years ago.
Cross Site Scripting (Reflected) and SQL Injection in liferay dxp
Junior Member Posts: 89 Join Date: 8/11/15 Recent Posts
Hi ,
How will doing Cross Site Scripting (Reflected) and SQL Injection in liferay dxp.can you tell me.
Regards,
Rayappa
How will doing Cross Site Scripting (Reflected) and SQL Injection in liferay dxp.can you tell me.
Regards,
Rayappa
Olaf Kock, modified 4 Years ago.
RE: Cross Site Scripting (Reflected) and SQL Injection in liferay dxp
Liferay Legend Posts: 6403 Join Date: 9/23/08 Recent PostsRayappa Hattarwat:
Are you asking how to do it? Or what to do if you found such an issue?
How will doing Cross Site Scripting (Reflected) and SQL Injection in liferay dxp.can you tell me.
On "how": The answer is that you don't - unless you know of a bug or misconfiguration. E.g. it's possible to allow arbitrary HTML content for trusted users - which can cause XSS. But that would be a matter of gaining the required permissions. SQL injection is not possible.
If you find a related issue, check https://liferay.com/security. And, as you mention DXP: Open a ticket.
Rayappa Hattarwat, modified 4 Years ago.
RE: Cross Site Scripting (Reflected) and SQL Injection in liferay dxp
Junior Member Posts: 89 Join Date: 8/11/15 Recent Posts
Hi Olaf Kock,
Thanks for response.
Thanks for response.