Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-7276

xss(bug) in apache drill Web UI latest verion 1.16.0 when authenticated

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.16.0
    • Fix Version/s: 1.17.0
    • Component/s: Web Server
    • Labels:

      Description

      In the query page,I select the "SQL" of the "Query Type"  and in the "Query" field I input "select '<svg/onload=alert(/xss/)>'  FROM cp.`employee.json`".

      After submitting,I get the Query Profile whose url is "http://127.0.0.1:8047/profiles/231beb11-4b43-0762-8b90-76a9af2edd24".

      Any user who visits the profile page and clicks "JSON profile" at the bottom to see the FULL JSON Profile will see two alert boxes as shown below.
       
       

        Attachments

        1. 1.png
          37 kB
          shuiboye
        2. 2.png
          22 kB
          shuiboye
        3. 4.png
          80 kB
          shuiboye

          Issue Links

            Activity

              People

              • Assignee:
                angozhiy Anton Gozhiy
                Reporter:
                shuiboye shuiboye
                Reviewer:
                Vova Vysotskyi
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: