Uploaded image for project: 'OpenMRS Core'
  1. OpenMRS Core
  2. TRUNK-823

Uploading Forms on Manage Forms has no check structure

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Could
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Complexity:
      Low

      Description

      On the current stable demo page, I am able to do a basic form of an attack that could be exploited and cause a denial of service on the system.

      Steps needed to perform this attack:
      1. Log in as the Administrator via (admin/test)
      2. Go to "Administration" tab
      3. Click on "Manage Forms" link
      4. Click on "Add Form"
      5. Enter "Attack Form" under Name
      6. Enter "1" as the version Number
      7. For the upload portion since there is no checking on the file type or size, a user can upload large files into the form database.

      A person could set up a script to do this continuously, which would put more storage into the database and cause a denial of service on the system due to there being no more space for other users to write to the database.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            mcorcoran Mackenzie Corcoran
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: