GSA / project-open-data-dashboard

Project Open Data Dashboard
http://labs.data.gov/dashboard/

Site seems ripe for SQL injection #134

Open CanDoAnything opened 8 years ago

CanDoAnything commented 8 years ago

datagov dashboard

It's escaping the single ticks, but I'm sure there is a way to escape the escapes :dancer:

kvuppala commented 8 years ago

@klever4ever our preliminary tests didn't indicate any vulnerability; the application code handles them well. We will look for a more thorough test and also show a generic error message in these cases.

CC @philipashlock
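As an added illustration, not code from the dashboard project itself (whose source is not shown in this issue), here is the shape of the two fixes the thread touches on: binding user input as a query parameter rather than escaping quotes, and returning a generic error message while the driver detail stays in the server log. It uses Python's sqlite3 module, and the `agencies` table and its columns are constructed stand-ins.

```python
import logging
import sqlite3

log = logging.getLogger("dashboard")

GENERIC_ERROR = "An internal error occurred. Please try again later."


def make_db():
    """Constructed in-memory stand-in for the dashboard's database (table name is hypothetical)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE agencies (id INTEGER PRIMARY KEY, slug TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO agencies (slug, name) VALUES (?, ?)",
        [("gsa", "General Services Administration"),
         ("o'neil", "O'Neil Test Agency")],  # legitimate value containing a single tick
    )
    return conn


def run_query(conn, sql, params=()):
    """Execute a parameterized query; return (rows, None) or (None, generic message).

    The driver binds params separately from the SQL text, so quotes in user
    input are data, not syntax, and there are no escapes to "escape".
    Driver-level detail goes to the server log only, never to the HTTP response.
    """
    try:
        return conn.execute(sql, params).fetchall(), None
    except sqlite3.Error as exc:
        log.error("query failed: %s | sql=%r params=%r", exc, sql, params)
        return None, GENERIC_ERROR


def lookup_agency(conn, slug):
    """Look up an agency by a user-supplied slug using a bound parameter."""
    rows, err = run_query(conn, "SELECT name FROM agencies WHERE slug = ?", (slug,))
    if err:
        return err
    return [name for (name,) in rows]


if __name__ == "__main__":
    db = make_db()
    print(lookup_agency(db, "o'neil"))        # ["O'Neil Test Agency"]
    print(lookup_agency(db, "' OR 1=1 --"))   # [] - the whole string is compared as a slug value
    print(run_query(db, "SELECT * FROM no_such_table"))  # (None, GENERIC_ERROR)
```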