Reports can contain embedded hyperlinks in the value of the Action property on
a report item or part of a report item. Hyperlinks can be bound to data that is
retrieved from an external data source when the report is processed. If a
malicious user modifies the underlying data, the hyperlink might be at risk for
scripting exploits. If a user clicks the link in the published or exported report,
malicious script could run.

To mitigate the risk of including links in a report that inadvertently run malicious
scripts, only bind hyperlinks to data from trusted sources. Verify that data from
the query results and the expressions that bind data to hyperlinks do not create
links that can be exploited. For example, do not base a hyperlink on an
expression that concatenates data from multiple dataset fields. If necessary,
browse to the report and use "View Source" to check for suspicious scripts and
URLs.
Regards,
Hossein Karimi
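
An added example, not part of the original post: a Python audit of a report definition (RDL) that applies the checks described above to every Action hyperlink, rejecting expressions that concatenate several dataset fields and static links with an unexpected scheme. The sample RDL is constructed and simplified, and the scheme allow-list and the names classify and audit_hyperlinks are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: adjust to local policy
FIELD_REF = re.compile(r"Fields!(\w+)\.Value", re.IGNORECASE)

# Constructed sample, simplified: a real RDL nests these elements more deeply.
SAMPLE_RDL = """<Report xmlns="http://schemas.microsoft.com/sqlserver/reporting/2008/01/reportdefinition">
  <Textbox Name="Static"><Action><Hyperlink>https://intranet.example/help</Hyperlink></Action></Textbox>
  <Textbox Name="OneField"><Action><Hyperlink>=Fields!ProductUrl.Value</Hyperlink></Action></Textbox>
  <Textbox Name="Concat"><Action><Hyperlink>=Fields!BaseUrl.Value &amp; Fields!Path.Value</Hyperlink></Action></Textbox>
  <Textbox Name="BadScheme"><Action><Hyperlink>javascript:void(0)</Hyperlink></Action></Textbox>
</Report>"""

def classify(value):
    """Classify one hyperlink value taken from a report definition."""
    if value.startswith("="):  # RDL expression, evaluated when the report is processed
        fields = {f.lower() for f in FIELD_REF.findall(value)}
        if len(fields) > 1:
            return "REJECT: concatenates multiple dataset fields"
        if fields:
            return "REVIEW: data-bound, confirm the data source is trusted"
        return "REVIEW: expression without field references"
    if urlsplit(value).scheme.lower() not in ALLOWED_SCHEMES:
        return "REJECT: scheme not in allow-list"
    return "OK: static link"

def audit_hyperlinks(rdl_text):
    """Return (item_name, verdict, value) for every Hyperlink element, at any depth."""
    root = ET.fromstring(rdl_text)  # run this on your own report files only
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] != "Hyperlink":  # ignore the XML namespace
            continue
        value = (el.text or "").strip()
        owner = el
        while owner is not None and "Name" not in owner.attrib:
            owner = parent.get(owner)  # walk up to the named report item
        name = owner.get("Name") if owner is not None else "?"
        findings.append((name, classify(value), value))
    return findings

if __name__ == "__main__":
    for name, verdict, value in audit_hyperlinks(SAMPLE_RDL):
        print(f"{name:10} {verdict:55} {value}")
```

A REVIEW verdict still needs the manual step from the post: confirm where the field's data comes from, and inspect the rendered report's source.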
Tuesday, July 31, 2018
Mitigating Script Injection Attacks in a Hyperlink in a Published Report or Document