[
http://jira.codehaus.org/browse/MRM-1468?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=263784#action_263784
]
Maria Odea Ching commented on MRM-1468:
---------------------------------------
Thanks for the patch Marc!
Can you also add selenium tests for the following XSS scenarios that were
reported in Archiva so that we can make sure that they're addressed by the
fixes?
# http://127.0.0.1:8080/archiva/deleteArtifact!doDelete.action?groupId=1<script>alert('xss')</script>&artifactId=1<script>alert('xss')</script>&version=1&repositoryId=internal
# http://127.0.0.1:8080/archiva/admin/addLegacyArtifactPath!commit.action?legacyArtifactPath.path=test%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&groupId=test%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&artifactId=test%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&version=test%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&classifier=test%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&type=test%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E
# http://127.0.0.1:8080/archiva/admin/deleteNetworkProxy!confirm.action?proxyid=test%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E
Stored (Persistent) XSS:
The exploit is executed in multiple pages. I have highlighted the input page
and 1 page on which the code gets executed.
# Stored XSS in Add Repository. Use the following exploit code for PoC:
Exploit Code: test"><script>alert('xss')</script>
Input URL: http://127.0.0.1:8080/archiva/admin/addRepository.action [Input fields: Identifier:repository.id, Name:repository.name, Directory:repository.location, Index Directory:repository.indexDir]
Rendered On: http://127.0.0.1:8080/archiva/admin/confirmDeleteRepository.action?repoid=test
# Stored XSS in Edit Appearance
Exploit Code: test<script>alert('xss')</script>
Input URL: http://127.0.0.1:8080/archiva/admin/editAppearance.action [Input fields: Name:organisationName, URL:organisation:URL, LogoURL:organisation:URL]
Rendered On: http://127.0.0.1:8080/archiva/admin/configureAppearance.action
# Stored XSS in Add Legacy Artifact Path
Exploit Code: test<script>alert('xss')</script>
Input Page: http://127.0.0.1:8080/archiva/admin/addLegacyArtifactPath.action [Input Fields: Path:name=legacyArtifactPath.path, GroupId:groupId, ArtifactId:artifactId, Version:version, Classifier:classifier, Type:type]
Rendered On: http://127.0.0.1:8080/archiva/admin/legacyArtifactPath.action
# Stored XSS in Add Network Proxy
Exploit Code: test<script>alert('xss')</script>
Input Page: http://127.0.0.1:8080/archiva/admin/addNetworkProxy.action [Input Fields: Identifier:proxy.id, Protocol:proxy.protocol, Hostname:proxy.host, Port:proxy.port, Username:proxy.username]
Rendered On: http://127.0.0.1:8080/archiva/admin/networkProxies.action
> Fix cross-site scripting vulnerability in Archiva.
> --------------------------------------------------
>
> Key: MRM-1468
> URL: http://jira.codehaus.org/browse/MRM-1468
> Project: Archiva
> Issue Type: Task
> Affects Versions: 1.3.4
> Reporter: Marc Jansen Tan Chua
> Assignee: Maria Odea Ching
> Fix For: 1.3.5
>
> Attachments: MRM-1468-1.patch, MRM-1468.patch
>
>
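An added example, not part of the original comment or of Archiva's Selenium suite: an offline Python check of the property the requested tests would assert, namely that the reported payloads are rendered as inert text and never parsed as a `<script>` element. `render_confirm_page` is a constructed stand-in for a page that echoes a parameter, not Archiva's own template, and `ScriptFinder` and `injected_scripts` are hypothetical helper names.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# Payload strings quoted in the report above (the reflected one is URL-encoded there).
REFLECTED = unquote("test%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E")
STORED = "test\"><script>alert('xss')</script>"


class ScriptFinder(HTMLParser):
    """Collects the body of every <script> element the HTML parser actually sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

    def handle_data(self, data):
        if self._open:
            self.scripts[-1] += data


def injected_scripts(body, marker="alert('xss')"):
    """Return script bodies containing the marker; an empty list means the value stayed inert."""
    finder = ScriptFinder()
    finder.feed(body)
    finder.close()
    return [s for s in finder.scripts if marker in s]


def render_confirm_page(value, encode):
    """Constructed stand-in template: echoes value in an attribute and in text."""
    shown = escape(value, quote=True) if encode else value
    return ('<form><input type="hidden" name="repoid" value="%s"/>'
            "<p>Delete repository %s?</p></form>" % (shown, shown))


if __name__ == "__main__":
    for payload in (REFLECTED, STORED):
        for encode in (False, True):
            hits = injected_scripts(render_confirm_page(payload, encode))
            print("encode=%s payload=%r -> %d script(s)" % (encode, payload, len(hits)))
```

The stored payload needs quote encoding as well as angle-bracket encoding, because it is written to close an attribute value before opening the script element.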