Nguy cơ: Trên hệ thống tồn tại các

Risk: on the system exists the function allows the data export query results, work out in the form of excel files however this function have the following vulnerabilities can expose the system's data:-Exel Files be stored in subdirectories of the webapp directory.Exel-File after the download users are not deleted.-Allows direct access to the excel files that do not pass authentication.-For example, The following link will allow to download an excel file that was previously exported system without authentication through the steps:-http://abc.com:8080/ams/share/report_out/exportDMHangHoa20121022090909.xlsPrevention: The data stored in the folder outside the web server installation directory, download the implementation this data must pass the authentication steps and parameters are encoded.

Threats: On the existing system functionality allows the data query, the results worked out in the form of excel files however this function after holes can reveal data of the system:
- File excel stored in subfolders of the folder webapp.
- File excel after users have downloaded is not deleted.
- Allows direct access to the excel file without going through authentication.
- Example: The following link will allow download an excel file system that was previously in the past without authentication steps:
- http://abc.com:8080/ams/share/report_out/ exportDMHangHoa20121022090909.xls
Prevention: the data is stored in a folder outside the web server installation directory, the implementation of this data must be downloaded via the authentication steps and parameters to encode.