[DRILL-5766] Stored XSS in APACHE DRILL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0, 1.11.0
Fix Version/s: 1.12.0
Component/s: Functions - Drill
Labels:
Environment:

Apache drill installed in debian system

Description

Hello Apache security team,

I have been testing an application which internally uses the Apache drill software v 1.6 as of now.

I found XSS on profile page (sink) where in the user's malicious input comes from the Query page (source) where you run a query.

Affected URL : https://localhost:8047/profiles

Once the user give the below payload and load the profile page, it gets triggered and is stored.

I have attached the screenshot of payload <script>alert(document.cookie)</script>.

*[screenshot link]
*
https://drive.google.com/file/d/0B8giJ3591fvUbm5JZWtjUTg3WmEwYmJQeWd6dURuV0gzOVd3/view?usp=sharing
https://drive.google.com/file/d/0B8giJ3591fvUV2lJRzZWOWRGNzN5S0JzdVlXSG1iNnVwRlAw/view?usp=sharing

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

XSS - Sink.png
04/Sep/17 07:27
57 kB
Sanjog Panda
XSS - Source.png
04/Sep/17 07:26
38 kB
Sanjog Panda

Issue Links

links to

GitHub Pull Request #935

GitHub Pull Request #955

Activity

People

Assignee:: Arina Ielchiieva

Reporter:: Sanjog Panda

Reviewer:: Parth Chandra

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 04/Sep/17 07:24

Updated:: 29/Dec/17 12:22

Resolved:: 12/Sep/17 10:49