In many places, the TRIRIGA application discloses information about itself without intending to. HTTP responses that reveal server-side details depending on the input data are all examples of such information leakage. Here is one example of several that shows this issue:
- URL: xxxx/pc/birtviewer.query?tririgasecuritytoken=bnFaJRx8SYuUdQyCmYxyR2F&_queryId=133972
- Parameter: _queryId
- Attack value: 13397a
Steps to replicate:
1. Login to the application.
2. Navigate to the Home portal.
3. Click on Financial Reporting > Balance Sheet Accounting Report > Balance Sheet > Future Accounting.
4. Intercept the request and apply the attack value in the mentioned parameter of the target URL: xxxx/pc/birtviewer.query?tririgasecuritytoken=bnFaJRx8SYuUdQyCmYxyR2F&_queryId=133972
This happens at various other spots in the application.
Some configured servlets would throw an exception with the full stack trace to an end user. An issue has been resolved where, in some cases, an error message would display a Java stack trace.
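As an added illustration of the fix described above (this is example code, not TRIRIGA's own servlet code), the following shows a hardened handler for a `_queryId`-style parameter that validates input and returns only a generic message with a log reference, plus a check a tester can run over response bodies to confirm no Java stack trace is echoed back. The `run_report` function, the report table and the sample response body are constructed for the example; the package name in the sample trace is hypothetical.

```python
import logging
import re
import uuid

# Signature of a Java stack trace in a response body: an exception class name
# plus at least one "at pkg.Class.method(File.java:NN)" frame line.
_JAVA_EXC = re.compile(r"\b[\w.]+(Exception|Error)\b")
_JAVA_FRAME = re.compile(r"^\s*at [\w$.]+\([\w$]+\.java:\d+\)", re.MULTILINE)

def leaks_java_stack_trace(body: str) -> bool:
    """True when an HTTP response body discloses a Java stack trace."""
    return bool(_JAVA_EXC.search(body)) and bool(_JAVA_FRAME.search(body))

# Constructed example of a leaking response (what the finding above describes).
LEAKING_BODY = """java.lang.NumberFormatException: For input string: "13397a"
\tat java.lang.Integer.parseInt(Integer.java:652)
\tat com.example.birt.QueryServlet.doGet(QueryServlet.java:88)
"""

# Constructed stand-in for the report lookup; unknown ids raise like a backend would.
_REPORTS = {133972: "Balance Sheet / Future Accounting"}

def run_report(query_id: int) -> str:
    return _REPORTS[query_id]  # KeyError for ids that do not exist

log = logging.getLogger("birtviewer")

def handle_birt_query(params: dict) -> tuple:
    """Hardened handler: reject non-numeric _queryId up front, and never send
    exception details to the client; log them server-side under a reference id."""
    raw = params.get("_queryId", "")
    try:
        query_id = int(raw)  # "13397a" fails here instead of deep in the servlet
    except ValueError:
        return 400, "Invalid request."
    try:
        return 200, run_report(query_id)
    except Exception:
        ref = uuid.uuid4().hex[:8]
        # Full trace goes to the server log only, keyed by the reference the user sees.
        log.exception("report failed ref=%s query_id=%s", ref, query_id)
        return 500, f"An internal error occurred (reference {ref})."
```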