[
https://issues.apache.org/jira/browse/DRILL-5766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16156999#comment-16156999
]
ASF GitHub Bot commented on DRILL-5766:
---------------------------------------
GitHub user arina-ielchiieva opened a pull request:
https://github.com/apache/drill/pull/935
DRILL-5766: Fix XSS vulnerabilities in Drill
1. Bumped up freemarker version to 2.3.26-incubating.
2. Indicated default output format in Freemarker configuration (HTML).
3. Fixed Web UI bugs listed in DRILL-5346, DRILL-5341, DRILL-5339,
DRILL-5338.
Details in [DRILL-5766](https://issues.apache.org/jira/browse/DRILL-5766).
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/arina-ielchiieva/drill DRILL-5766
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/drill/pull/935.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #935
----
commit 4d998a75d579e9e07c84a86a687ec8b2012846ed
Author: Arina Ielchiieva <[email protected]>
Date: 2017-09-07T12:30:39Z
DRILL-5766: Fix XSS vulnerabilities in Drill
1. Bumped up freemarker version to 2.3.26-incubating.
2. Indicated default output format in Freemarker configuration (HTML).
3. Fixed Web UI bugs listed in DRILL-5346, DRILL-5341, DRILL-5339,
DRILL-5338.
----
> Stored XSS in APACHE DRILL
> --------------------------
>
> Key: DRILL-5766
> URL: https://issues.apache.org/jira/browse/DRILL-5766
> Project: Apache Drill
> Issue Type: Bug
> Components: Functions - Drill
> Affects Versions: 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0
> Environment: Apache drill installed in debian system
> Reporter: Sanjog Panda
> Assignee: Arina Ielchiieva
> Priority: Critical
> Labels: cross-site-scripting, security, security-issue, xss
> Fix For: 1.12.0
>
> Attachments: XSS - Sink.png, XSS - Source.png
>
>
> Hello Apache security team,
> I have been testing an application which internally uses the Apache Drill
> software v 1.6 as of now.
> I found XSS on the profile page (sink) wherein the user's malicious input comes
> from the Query page (source) where you run a query.
> Affected URL : https://localhost:8047/profiles
> Once the user gives the below payload and loads the profile page, it gets
> triggered and is stored.
> I have attached the screenshot of payload
> <script>alert(document.cookie)</script>.
> *[screenshot link]*
> https://drive.google.com/file/d/0B8giJ3591fvUbm5JZWtjUTg3WmEwYmJQeWd6dURuV0gzOVd3/view?usp=sharing
> https://drive.google.com/file/d/0B8giJ3591fvUV2lJRzZWOWRGNzN5S0JzdVlXSG1iNnVwRlAw/view?usp=sharing
>
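Item 2 of the pull request description (HTML as the default Freemarker output format), shown as an added Java example that is not taken from the Drill patch. The template string, the class name and the `query` field are hypothetical; the input is the payload quoted in the report, and Freemarker 2.3.26-incubating is assumed on the classpath.

```java
import freemarker.core.HTMLOutputFormat;
import freemarker.template.Configuration;
import freemarker.template.Template;

import java.io.StringReader;
import java.io.StringWriter;
import java.util.Collections;

public class FreemarkerOutputFormatDemo {

    // Hypothetical template: a profile table cell that echoes the submitted query text.
    private static final String TEMPLATE = "<td>${query}</td>";

    // Renders the template with the given configuration and query string.
    static String render(Configuration cfg, String query) throws Exception {
        Template template = new Template("profile-row", new StringReader(TEMPLATE), cfg);
        StringWriter out = new StringWriter();
        template.process(Collections.singletonMap("query", query), out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Payload quoted in the DRILL-5766 report.
        String query = "<script>alert(document.cookie)</script>";

        // Before: no output format configured, so ${...} is written verbatim
        // and stored markup reaches the browser as markup.
        Configuration before = new Configuration(Configuration.VERSION_2_3_26);

        // After: HTML is the default output format, so every ${...} is
        // HTML-escaped automatically unless a template opts out explicitly.
        Configuration after = new Configuration(Configuration.VERSION_2_3_26);
        after.setOutputFormat(HTMLOutputFormat.INSTANCE);

        System.out.println("undefined output format: " + render(before, query));
        System.out.println("HTML output format:      " + render(after, query));
    }
}
```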