[Competition Bug]: Application Error Disclosure

[bojes17]

Prerequisites

• [X] You confirm that your bug is available through the Chrome browser accessed by a Desktop computer.
• [X] You read the guidelines for contributing.
• [X] You are able to reproduce the problem in the latest version of Sinfonia.
• [X] You checked that the problem has not yet been reported (also through closed issues).

Describe the exact steps to reproduce the problem in as many details as possible

This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.

Describe the issue behavior

If I type more than the esimal value that has been given in the amount swap then what will happen is an internal server error, this will make it easier for hackers to do hacks using the error server

BitSong Public Address

bitsong18s9vy4qg5vzegh8kv7lzwnjtdvgfszpqcgaatj

Osmosis Public Address

osmo15esnpgfhwluny9dqqj2690tglh5gffd2lld5dy

Which browser are you using?

Google Chrome

Which is your browser version?

No response

Which kind of device are you using?

Desktop

Are you using a ledger?

No

Which is your ledger version?

No response

Agree the Competition Rules

• [X] You agree the competition rules

[giorgionocera]

I cannot replicate the issue. Could you be more specific, please? Can you show me this "internal server error" you are talking about?

[giorgionocera]

If no comment is released on the 11th of may (12:00 am UTC) the issue will be closed.

[bojes17]

Maybe u can check your Syntax, and your security web that's very risk for your page

[bojes17]

This is Solution For Application Error Disclosure.

Review the source code of the page with known vulnerability.

Provide custom error pages for your web application.

Consider creating unique error identifiers while logging details of errors on the server side.

[giorgionocera]

We are not logging errors for validation on the server-side. Maybe you are talking about something strange. What do you mean by server-side validation on this issue?

[bojes17]

about the security server that is on your system is very risky, and makes it easier for hackers to retrieve the data that is on the system

[bojes17]

You must upgrade your security system sir

[DavideSegullo]

Hello @bojes17 , can you give us more details about that issue? How hackers can retrieve data from the system using a form? We don't send validation data to any server.

If you don't give us more details, we can't validate your issue and we'll close it.

If no comment is released on the 12th of may (12:00 am UTC) the issue will be closed.

Thank you

[bojes17]

This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. Because this information can be used to launch further attacks against the web application. So the alert could be a false positive if the error message is found inside a documentation page.

An unauthenticated remote attacker could get the details of an application. So from the application page containing an error/warning message that may disclose sensitive information.

[bojes17]

Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user

[giorgionocera]

The explanation is not clear. You re-wrote the same text as before. It continues to be unclear. We're going to close this issue. If you are able to provide more information please, feel free to open a new one, by adding more details.