hadoop-hdfs-issues mailing list archives

From "Elek, Marton (Jira)" <j...@apache.org>
Subject [jira] [Assigned] (HDDS-2111) DOM XSS
Date Sat, 14 Sep 2019 03:15:00 GMT

     [ https://issues.apache.org/jira/browse/HDDS-2111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Elek, Marton reassigned HDDS-2111:
----------------------------------

    Assignee: Elek, Marton

> DOM XSS
> -------
>
>                 Key: HDDS-2111
>                 URL: https://issues.apache.org/jira/browse/HDDS-2111
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>          Components: S3
>            Reporter: Aayush
>            Assignee: Elek, Marton
>            Priority: Major
>
> VULNERABILITY DETAILS
> There is a way to bypass the anti-XSS filter for DOM XSS by exploiting "window.location.href".
> Considering a typical URL:
> scheme://domain:port/path?query_string#fragment_id
> Browsers correctly encode both "path" and "query_string", but not the "fragment_id".
> So if the "fragment_id" is used, the vector is also not logged on the web server.
> VERSION
> Chrome Version: 10.0.648.134 (Official Build 77917) beta
> REPRODUCTION CASE
> This is an index.html page:
> {code:java}
> aws s3api --endpoint <script>document.write(window.location.href.replace("static/", ""))</script> create-bucket --bucket=wordcount
> {code}
> The attack vector is:
> index.html?#<script>alert('XSS');</script>
> * PoC:
> For your convenience, a minimalist PoC is located on:
> http://security.onofri.org/xss_location.html?#<script>alert('XSS');</script>
> * References
> - DOM Based Cross-Site Scripting or XSS of the Third Kind - http://www.webappsec.org/projects/articles/071105.shtml
> - https://bugs.chromium.org/p/chromium/issues/detail?id=76796



--
This message was sent by Atlassian Jira
(v8.3.2#803003)
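As an added illustration, not code from the Ozone project or from the reporter: the sink in the quoted index.html is document.write of the raw location.href, so everything after "#" is emitted as markup. The functions below model that sink as a string builder beside a hardened form that keeps only origin and path, escapes the result, and flags markup-like fragments client-side (the server never sees them, as the report notes); the "static/" replace and the sample URL come from the report, everything else (function names, the localhost host and port) is assumed.

```javascript
// Added example; not the Ozone project's code. Models the index.html sink
// from the report, where the endpoint text is built from window.location.href.

// Vulnerable pattern from the report: the raw href, fragment included, is
// concatenated into markup and handed to document.write(), so "#<script>..."
// becomes live script.
function buildEndpointHtmlUnsafe(href) {
  const endpoint = href.replace("static/", "");
  return "aws s3api --endpoint " + endpoint + " create-bucket --bucket=wordcount";
}

// Assumed helper: minimal HTML escaping for a value placed into markup text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened form: parse the URL, keep only the parts the page needs (origin and
// path), drop query and fragment entirely, then escape before emitting.
function buildEndpointHtmlSafe(href) {
  const u = new URL(href); // throws on malformed input rather than guessing
  const base = (u.origin + u.pathname).replace("static/", "");
  return "aws s3api --endpoint " + escapeHtml(base) + " create-bucket --bucket=wordcount";
}

// In a real browser, write the value as text, never as markup: textContent
// cannot create elements even if the string still held "<script>".
function renderEndpoint(container, href) {
  const u = new URL(href);
  const base = (u.origin + u.pathname).replace("static/", "");
  container.textContent = "aws s3api --endpoint " + base + " create-bucket --bucket=wordcount";
}

// Detection hook: fragments never reach server logs, so a page that wants
// telemetry for this class of payload has to check location.hash itself
// (and could report via navigator.sendBeacon; not done here).
function fragmentLooksLikeMarkup(href) {
  const hash = decodeURIComponent(new URL(href).hash);
  return /[<>]/.test(hash);
}

// Constructed sample: the report's attack vector placed in the fragment of an
// assumed S3 gateway static page URL.
const SAMPLE_HREF = "http://localhost:9878/static/index.html?#<script>alert('XSS');</script>";
```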

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

