  1. Apache Drill
  2. DRILL-5766

Stored XSS in APACHE DRILL

Details

    Description

      Hello Apache security team,

      I have been testing an application which internally uses the Apache Drill software v 1.6 as of now.

      I found XSS on the profile page (sink), wherein the user's malicious input comes from the Query page (source), where you run a query.

      Affected URL: https://localhost:8047/profiles

      Once the user gives the below payload and loads the profile page, it gets triggered and is stored.

      I have attached a screenshot of the payload <script>alert(document.cookie)</script>.

      [screenshot link]
      https://drive.google.com/file/d/0B8giJ3591fvUbm5JZWtjUTg3WmEwYmJQeWd6dURuV0gzOVd3/view?usp=sharing
      https://drive.google.com/file/d/0B8giJ3591fvUV2lJRzZWOWRGNzN5S0JzdVlXSG1iNnVwRlAw/view?usp=sharing

      Attachments

        1. XSS - Source.png
          38 kB
          Sanjog Panda
        2. XSS - Sink.png
          57 kB
          Sanjog Panda
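
The source-to-sink flow described in the report, modelled as an added example that is not Apache Drill code and not part of the original issue: query text is stored as submitted, then rendered on a listing page once without and once with output encoding. The store, the function names and the sample queries are assumptions made for illustration.

```javascript
// Hypothetical model of a query-history page (not Apache Drill's implementation).

// Constructed in-memory store standing in for persisted query profiles.
const profiles = [];

// Source: the query text is stored exactly as the user submitted it.
function submitQuery(user, queryText) {
  profiles.push({ user, query: queryText });
}

// Encode the five characters that are significant in HTML text and in
// quoted attribute values. "&" is replaced first so entities are not doubled.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Sink, vulnerable form: stored text is concatenated straight into markup,
// so any tags in the query become part of the page for every viewer.
function renderProfilesUnsafe() {
  return profiles
    .map(p => `<tr><td>${p.user}</td><td>${p.query}</td></tr>`)
    .join('\n');
}

// Sink, hardened form: every stored field is encoded at output time.
function renderProfilesSafe() {
  return profiles
    .map(p => `<tr><td>${escapeHtml(p.user)}</td><td>${escapeHtml(p.query)}</td></tr>`)
    .join('\n');
}

// Constructed input: one ordinary query and the payload quoted in the report.
submitQuery('alice', "SELECT * FROM t WHERE name = 'a' AND n < 5");
submitQuery('bob', '<script>alert(document.cookie)</script>');

console.log(renderProfilesUnsafe());
console.log(renderProfilesSafe());
```

Encoding at the sink rather than filtering at the source keeps legitimate queries that contain `<`, `>` or quotes intact while still rendering them as text.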

          People

            arina Arina Ielchiieva
            sanjogpanda Sanjog Panda
            Parth Chandra Parth Chandra
