HP Fortify Security Features: OWASP Top 10 2013 A4 Insecure Direct Object References
Without proper access control, the method lazylistexitcause() in causedaoimpl.java can execute a SQL statement on line 81 that contains an attacker-controlled primary key, thereby allowing an attacker to access unauthorized records.
line 80 Criteria criteria = getCurrentSession().createCriteria(causeto.class, "c");
line 81 criteria.createAlias("exitlist", "e").add(Restrictions.eq("c.id", exitcriteriato.getrefid()))
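The finding is about the filter on line 81 being the request-supplied id alone. The sketch below is an added example, not code from the project: it uses an in-memory map in place of the database, and the Cause record, its ownerId field and the sample rows are assumptions made up for illustration (requires Java 16+ for records).

```java
import java.util.Map;
import java.util.Optional;

// Added illustration: in-memory stand-in for the table queried on line 81.
// Cause, ownerId and the sample rows are constructed, not taken from the project.
public class ScopedLookupDemo {
    record Cause(long id, String ownerId, String text) {}

    static final Map<Long, Cause> TABLE = Map.of(
        1L, new Cause(1L, "alice", "alice's record"),
        2L, new Cause(2L, "bob", "bob's record"));

    // Same shape as the flagged query: the only filter is the caller-supplied id.
    static Optional<Cause> findById(long refId) {
        return Optional.ofNullable(TABLE.get(refId));
    }

    // Hardened form: the authenticated user, taken from the server-side session
    // and never from the request, is part of the filter. In a Criteria query this
    // would be one more restriction on an owner column (hypothetical "c.ownerId").
    // A foreign id and a nonexistent id both yield empty, so the response does not
    // reveal which ids exist.
    static Optional<Cause> findByIdForUser(long refId, String sessionUser) {
        return findById(refId).filter(c -> c.ownerId().equals(sessionUser));
    }

    static String show(Optional<Cause> result) {
        return result.map(Cause::text).orElse("no match");
    }

    public static void main(String[] args) {
        String sessionUser = "alice"; // identity established at login
        long requestedId = 2L;        // id from the request; the row belongs to bob

        System.out.println("unscoped, id 2: " + show(findById(requestedId)));
        System.out.println("scoped,   id 2: " + show(findByIdForUser(requestedId, sessionUser)));
        System.out.println("scoped,   id 1: " + show(findByIdForUser(1L, sessionUser)));
        System.out.println("scoped,   id 9: " + show(findByIdForUser(9L, sessionUser)));
    }
}
```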