[
https://issues.apache.org/jira/browse/AMBARI-24634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas reassigned AMBARI-24634:
-------------------------------------
Assignee: Robert Levas
> Ambari Cross Site Scripting Vulnerability
> -----------------------------------------
>
> Key: AMBARI-24634
> URL: https://issues.apache.org/jira/browse/AMBARI-24634
> Project: Ambari
> Issue Type: Bug
> Components: ambari-web
> Affects Versions: 2.6.2
> Environment: Ambari 2.6.2.2
> HDP 2.6.5.0
> Reporter: Andrzej Jedrzejewski
> Assignee: Robert Levas
> Priority: Major
>
> The attack was done through the Ambari "Files" module. It occurred when
> creating a new folder on the application by clicking on the "New Folder"
> option. From here I named the folder as
> "><svg/onload="alert(document.domain)">.
> Once you save the payload as the new folder the page will refresh and from
> there the application will load the payload and execute the javascript within
> the "onload" attribute.
> Here is the HTTP request used for this attack.
> PUT
> /ambarihost/gateway/ambari/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/resources/files/fileops/mkdir
> HTTP/1.1
> [Redacted...]
> {"path":"/test\"><svg/onload=\"alert(document.domain);\">"}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
