I created a simple dashboard and put a text field (token: field1) and
a panel which shows the result of a search query.
If a user inputs the following keyword in the field
" OR index=_internal earliest=-365d@d sourcetype="*
(it should start with an orphaned double quote and end with an asterisk),
the dashboard displayed the result from the _internal log.
Does anyone have any idea how to prevent SPL injections?
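
An added example, not part of the original post: a Simple XML form showing the raw token inside hand-written quotes beside the same search using Splunk's `|s` token filter, which wraps the value in double quotes and escapes any double quotes inside it. The base search (`index=main keyword=...`), the labels and the time range are assumptions, since the post does not show the panel's query.

```xml
<form>
  <label>Constructed example: quoting a text-input token</label>
  <fieldset submitButton="true">
    <input type="text" token="field1">
      <label>Keyword</label>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Weak: raw token inside hand-written quotes</title>
      <table>
        <search>
          <!-- The value of field1 is pasted in verbatim. A double quote typed
               into the field ends the string literal early, and whatever
               follows it is parsed as search terms instead of as data. -->
          <query>index=main keyword="$field1$" | stats count by host</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
    <panel>
      <title>Corrected: token passed through the |s filter</title>
      <table>
        <search>
          <!-- No hand-written quotes here. The |s filter adds the surrounding
               quotes itself and escapes embedded double quotes, so the whole
               input stays one quoted value compared against keyword. -->
          <query>index=main keyword=$field1|s$ | stats count by host</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

Quoting keeps the input inside one string literal; which indexes the search can read is still decided by the role of the user viewing the dashboard, so roles that have no need for `_internal` should not be allowed to search it.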