Activities of "nhontran"

Hi @maliming, sorry, forgot to mention that this issue happens with ABP endpoint as well, it shows the tenant not found page:

Hi @maliming:

I found that the query string value below caused the issue:

I captured it as a screenshot and managed to post it already.

Please close the ticket, thanks

If you're creating a bug/problem report, please include the following:

  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

Hi, a cross-site scripting issue has been flagged in our project by the penetration test team. This vulnerability is related to the "__tenant" parameter in the query string:

Subject:

Reflected Cross-Site Scripting (XSS)

https://<masked url>/api/* [GET parameter: __tenant]
https://<masked url>/identity/* [GET parameter: __tenant]

Description:

Reflected XSS occurs when malicious JavaScript code is supplied in a user’s request and returned back to them for execution within their browser in the context of the website itself. This allows an attacker to inject code which is executed by legitimate users when they are tricked into opening a malicious link or visiting a site under an attacker’s control. This allows an attacker to perform unauthorised actions in the application on behalf of legitimate users or spread malware via the application.

The __tenant parameter used in the identified subjects is vulnerable to XSS attacks. An example is demonstrated below:

Payload used:

Attached file is the screenshot that I have tested in my local:

Hi @maliming, this is the screenshot:

Do you know which keyword caused the issue?

Hi, I am unable to create a new post; I keep getting "access has been blocked".

Hmm... I just tried again with a totally new module template and it works fine. It looks like something is wrong with my current project.

I will double check, please ignore it.

  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

Hi, I have followed all the steps below to add the text template file (*.tpl) into the module project: https://docs.abp.io/en/abp/latest/Text-Templating-Scriban

However, I got the below error when running in IIS (debugging with Visual Studio is OK):

2023-01-05 12:23:08.235 +08:00 [ERR] Could not find a file/folder at the location: /Templates/Testing1.tpl
Volo.Abp.AbpException: Could not find a file/folder at the location: /Templates/Testing1.tpl

This issue does not happen with Application template, is there any step that I missed?

Noted, thanks @maliming

Hi, we are using ABP 5.2.2 and we plan to move from IdentityServer4 to AWS Cognito (OpenID provider provided by AWS), but we don't know where to start and anything that we need to take into consideration. Could you please give me the high-level tasks that we need to do for this kind of replacement?

Hi @EngicanV, thanks for the reply.

Made with ❤️ on ABP v9.2.0-preview. Updated on January 14, 2025, 14:54