ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
N/A
OS / ENVIRONMENT
N/A
SUMMARY
creating a new account using the web ui has some useless? get-like url parameters. maybe, this was a get request some time ago and then switched to post without cleaning the url part?
STEPS TO REPRODUCE
- use tcpdump/burp or some other traffic capture tool
- create a new account
- review the called urls
EXPECTED RESULTS
a post request to the api endpoint
https://***/client/api?command=createAccount&response=json
with the payload in its body
ACTUAL RESULTS
a post request to the api endpoint
https://***/client/api?command=createAccount&username=dummyaccount&email=dummy@dummy.local&firstname=dummy&lastname=dummy&password=dummypass&domainid=****&roleid=****&response=json
with the payload in its body.
when creating a user account, the request is as expected
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
N/A
OS / ENVIRONMENT
N/A
SUMMARY
creating a new account using the web ui has some useless? get-like url parameters. maybe, this was a get request some time ago and then switched to post without cleaning the url part?
STEPS TO REPRODUCE
EXPECTED RESULTS
a post request to the api endpoint
with the payload in its body
ACTUAL RESULTS
a post request to the api endpoint
with the payload in its body.
when creating a user account, the request is as expected