Intersoft Solutions - Community - WebGrid Enterprise - TempReports folder write permission

Community / WebGrid

Latest Development Blogs

Retrieving News

ForumPostTopic

WebGrid Enterprise

2138

8348

WebCombo

357

1383

WebDesktop

430

1620

WebTreeView

263

WebScheduler

253

944

WebTextEditor

118

423

357

134

114

567

1861

Lounge

305

768

Crosslight

366

1443

Browse By Tag

TempReports folder write permission

1 reply. Last post: April 19, 2010 8:11 AM by Yudi

Tags :

(None)

Create New

New Discussion
New Question
New Product Feedback

Post Reply

Madhavan GMember

Posted: April 16, 2010 10:10 AM

Hi Team,

One of our client reported this security issue when they tested with security test tool HP WebInspect software.Intersoft webgrid requires TempReports folder to be in Application root with write permissions for asp.net worker process when we use the Exporting functionality of the Webgrid.The client does not want to give full rights as it is a security threat for them.

Can we have some other alternate approach for the export functionality to work without creating files in Tempreports folder?

Please advice.

The following is the result returned by this security tool regarding the TempReports folder.

PUT Method Arbitrary File Upload ( 3427 ) View Description

Page: http://10.225.3.227:80/EnterpriseConsole/TempReports/CreatedByHP7.txt

Request:

PUT /EnterpriseConsole/TempReports/CreatedByHP7.txt HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR

1.1.4322)

Host: 10.225.3.227

Memo: 50:Auditor.SendAsyncronousRequest:Attack(CID:3427:AS:0,EID:cd5d162d-

17e5-45e5-ae69-445dc6fbf2f3,ST:AuditAttack,AT:Other,APD:,I: