sales force 4
How to fix the "vulnerable to SQL injection attacks" error in Salesforce?
In my custom Visualforce page I have coded an iframe like this:
$("a#icsFrame8").click(function () {
    document.getElementById("myIFrame").src = '/apex/Samplepage?isdtp=mn';
});
But after we did a Burp scan, the URL parameter we passed appears to be vulnerable to a SQL injection attack. The error is shown below:
GET /apex/SamplePage?id=a0Pb0000007FkR9EAK&isdtp=mn&137665543'%20or%20'4694'%3d'4694=1 HTTP/1.
Can anybody help me fix this?
https://www.salesforce.com/us/developer/docs/pages/Content/pages_security_tips_soql_injection.htm
https://developer.salesforce.com/page/Secure_Coding_SQL_Injection
http://www.salesforcegeneral.com/soql-injection-salesforce/
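Salesforce's standard defenses against SOQL injection, as an added example that is not part of the original thread: it assumes the page's controller reads the `id` URL parameter and queries a custom object. `SamplePageController`, `Sample__c`, `toId` and `findByName` are hypothetical names.

```apex
// Added example: hypothetical controller for the Visualforce page in the question.
// SamplePageController and Sample__c are assumed names, not from the original post.
public with sharing class SamplePageController {
    public Sample__c record { get; private set; }

    public SamplePageController() {
        String rawId = ApexPages.currentPage().getParameters().get('id');

        // Vulnerable pattern (do not use): the parameter is concatenated into the
        // query text, so a quote in the value changes the WHERE clause.
        // record = Database.query(
        //     'SELECT Id, Name FROM Sample__c WHERE Id = \'' + rawId + '\'');

        Id recordId = toId(rawId);
        if (recordId == null) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Invalid record id.'));
            return;
        }

        // Static SOQL with a bind variable: the value is never parsed as query text.
        List<Sample__c> rows =
            [SELECT Id, Name FROM Sample__c WHERE Id = :recordId LIMIT 1];
        record = rows.isEmpty() ? null : rows[0];
    }

    // Returns null unless the value is a well-formed Salesforce Id.
    private static Id toId(String value) {
        if (String.isBlank(value)) {
            return null;
        }
        try {
            return Id.valueOf(value);
        } catch (Exception e) {
            return null;
        }
    }

    // Where the query has to be dynamic, escape string input before concatenating it.
    public static List<Sample__c> findByName(String name) {
        String safe = String.escapeSingleQuotes(name == null ? '' : name);
        return Database.query(
            'SELECT Id, Name FROM Sample__c WHERE Name = \'' + safe + '\'');
    }
}
```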