drill-dev mailing list archives

From "Sanjog Panda (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-5766) Stored XSS in APACHE DRILL
Date Mon, 04 Sep 2017 07:25:00 GMT
Sanjog Panda created DRILL-5766:
-----------------------------------

             Summary: Stored XSS in APACHE DRILL
                 Key: DRILL-5766
                 URL: https://issues.apache.org/jira/browse/DRILL-5766
             Project: Apache Drill
          Issue Type: Bug
          Components: Functions - Drill
    Affects Versions: 1.11.0, 1.10.0, 1.9.0, 1.8.0, 1.7.0, 1.6.0
         Environment: Apache Drill installed in Debian system
            Reporter: Sanjog Panda
            Priority: Critical


Hello Apache security team,

I have been testing an application which internally uses the Apache Drill software, v 1.6 as
of now.

I found XSS on the profile page (sink), wherein the user's malicious input comes from the Query
page (source) where you run a query.

Once the user gives the below payload and loads the profile page, it gets triggered and is stored.

I have attached a screenshot of the payload <script>alert(document.cookie)</script>.

[screenshot link]
https://drive.google.com/file/d/0B8giJ3591fvUbm5JZWtjUTg3WmEwYmJQeWd6dURuV0gzOVd3/view?usp=sharing
https://drive.google.com/file/d/0B8giJ3591fvUV2lJRzZWOWRGNzN5S0JzdVlXSG1iNnVwRlAw/view?usp=sharing




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
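
Added example, not part of the original report and not Apache Drill code: a minimal model of the flow the report describes, where query text entered on the Query page (source) is stored and later rendered on the profile page (sink), shown with and without output encoding at the sink. All function names and the in-memory store are hypothetical; the payload string is the one quoted in the report.

```javascript
// Hypothetical model of the source -> store -> sink flow; not Drill's implementation.

// Constructed in-memory profile store: query text is kept exactly as submitted.
const profiles = new Map();

// Source: the Query page. Storing the raw text is expected; the defect is at render time.
function submitQuery(id, queryText) {
  profiles.set(id, { query: queryText, state: "FAILED" });
}

// Encode the characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Sink, vulnerable form: stored query text is concatenated into the page as markup.
function renderProfileUnsafe(id) {
  const p = profiles.get(id);
  return `<h3>Query</h3><pre>${p.query}</pre><p>State: ${p.state}</p>`;
}

// Sink, hardened form: every stored value is HTML-encoded where it is written out.
function renderProfileSafe(id) {
  const p = profiles.get(id);
  return `<h3>Query</h3><pre>${escapeHtml(p.query)}</pre><p>State: ${escapeHtml(p.state)}</p>`;
}

// Regression check usable in a test suite: does the rendered page contain a live script tag?
function containsActiveScript(html) {
  return /<script\b/i.test(html);
}

// Payload string as quoted in the report; the profile id is constructed.
const PAYLOAD = "<script>alert(document.cookie)</script>";
submitQuery("constructed-profile-1", PAYLOAD);

console.log("unsafe render has live script:", containsActiveScript(renderProfileUnsafe("constructed-profile-1")));
console.log("safe render has live script:  ", containsActiveScript(renderProfileSafe("constructed-profile-1")));
console.log(renderProfileSafe("constructed-profile-1"));
```

Encoding at the sink keeps the stored query readable on the profile page while preventing it from being parsed as markup by any later viewer.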
