Skip to content

Able to create challenge with html tag and SQL queries #497

New issue
New issue
Closed
Closed
Able to create challenge with html tag and SQL queries#497
Labels
P1QA Pass in DevQA Pass in ProdSecurityBug Hunt Security category
Milestone
 
0.2.0
@ab668685

Description

@ab668685
ab668685
opened on May 8, 2020

Describe the bug
Able to create challenge with html tag and SQL queries

To Reproduce / Actual Behavior
Steps to reproduce the behavior:

  1. Go to '
    https://challenges.topcoder-dev.com '
    2.Login as jcori / appirio123'
  2. Click on Create new challenge
  3. Add challenge name as " I am a challenger {select * from challenge table}}> "

Expected behavior
challenger name should not accept HTML tag and SQL queries

Screenshots
image

Desktop (please complete the following information):

  • OS: [Windows 10]
  • Browser [e.g. chrome]
  • Version [78]

Additional context
Add any other context about the problem here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P1QA Pass in DevQA Pass in ProdSecurityBug Hunt Security category

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions