[ https://issues.apache.org/jira/browse/DRILL-5766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arina Ielchiieva reopened DRILL-5766:
-------------------------------------

> Stored XSS in APACHE DRILL
> --------------------------
>
>                 Key: DRILL-5766
>                 URL: https://issues.apache.org/jira/browse/DRILL-5766
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Functions - Drill
>    Affects Versions: 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0
>         Environment: Apache drill installed in debian system
>            Reporter: Sanjog Panda
>            Assignee: Arina Ielchiieva
>            Priority: Critical
>              Labels: cross-site-scripting, security, security-issue, xss
>             Fix For: 1.12.0
>
>         Attachments: XSS - Sink.png, XSS - Source.png
>
>
> Hello Apache security team,
> I have been testing an application which internally uses the Apache Drill
> software v 1.6 as of now.
> I found XSS on profile page (sink) wherein the user's malicious input comes
> from the Query page (source) where you run a query.
> Affected URL : https://localhost:8047/profiles
> Once the user gives the below payload and loads the profile page, it gets
> triggered and is stored.
> I have attached the screenshot of payload
> <script>alert(document.cookie)</script>.
> *[screenshot link]*
> https://drive.google.com/file/d/0B8giJ3591fvUbm5JZWtjUTg3WmEwYmJQeWd6dURuV0gzOVd3/view?usp=sharing
> https://drive.google.com/file/d/0B8giJ3591fvUV2lJRzZWOWRGNzN5S0JzdVlXSG1iNnVwRlAw/view?usp=sharing

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)