Skip to content

[Bug][Fuzz]: RPS accepts injected query string on GET CIRA config by name #2600

New issue
New issue
Open
Open
[Bug][Fuzz]: RPS accepts injected query string on GET CIRA config by name#2600
Labels
bugSomething isn't working
@shaoboon

Description

@shaoboon
shaoboon
opened on Mar 17, 2026

Describe the bug

GET by configName with injected query string returns 200 OK.

Steps to reproduce

  1. Setup
    • Request: 
      POST /api/v1/admin/ciraconfigs HTTP/1.1\r\nAccept: application/json\r\nHost: device-management-toolkit-rps-1:8081\r\nContent-Type: application/json\r\n\r\n{\n "configName":"cira6d4a5b5599",\n "mpsServerAddress":"192.168.1.1",\n "mpsPort":4433,\n "username":"mpsuser",\n "password":"P@ssw0rd123",\n "commonName":"192.168.1.1",\n "serverAddressFormat":3,\n "authMethod":2,\n "mpsRootCertificate":"U3dhZ2dlciByb2Nrcw==",\n "proxyDetails":""}\r\n
    • Response: 
      HTTP/1.1 201 Created\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 261\r\nETag: W/"105-1QjqUAquKTlK7hrXNOQ2WCahchA"\r\nDate: Mon, 16 Mar 2026 02:35:28 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n{"configName":"cira6d4a5b5599","mpsServerAddress":"192.168.1.1","mpsPort":4433,"username":"mpsuser","commonName":"192.168.1.1","serverAddressFormat":3,"authMethod":2,"mpsRootCertificate":"U3dhZ2dlciByb2Nrcw==","proxyDetails":"","tenantId":"","version":"381682"}
  2. Test
    • Request: 
      GET /api/v1/admin/ciraconfigs/cira6d4a5b5599?injected_query_string=123 HTTP/1.1\r\nAccept: application/json\r\nHost: device-management-toolkit-rps-1:8081\r\n\r\n
    • Response: 
      HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 261\r\nETag: W/"105-1QjqUAquKTlK7hrXNOQ2WCahchA"\r\nDate: Mon, 16 Mar 2026 02:35:28 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n{"configName":"cira6d4a5b5599","mpsServerAddress":"192.168.1.1","mpsPort":4433,"username":"mpsuser","commonName":"192.168.1.1","serverAddressFormat":3,"authMethod":2,"mpsRootCertificate":"U3dhZ2dlciByb2Nrcw==","proxyDetails":"","tenantId":"","version":"381682"}

Expected behavior

Injected/suspicious query input should be rejected or sanitized according to strict validation policy.

Screenshots

No response

AMT Version

N/A

Configuration Mode

CCM

Operating System

Linux Ubuntu

AMT Device Information

No response

Service Deployment Information

No response

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions