[DRILL-7276] xss(bug) in apache drill Web UI latest verion 1.16.0 when authenticated - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.16.0
Fix Version/s: 1.17.0
Component/s: Web Server
Labels:
- ready-to-commit

Description

In the query page,I select the "SQL" of the "Query Type" and in the "Query" field I input "select '<svg/onload=alert(/xss/)>' FROM cp.`employee.json`".

After submitting,I get the Query Profile whose url is "http://127.0.0.1:8047/profiles/231beb11-4b43-0762-8b90-76a9af2edd24".

Any user who visits the profile page and clicks "JSON profile" at the bottom to see the FULL JSON Profile will see two alert boxes as shown below.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

4.png
23/May/19 13:59
80 kB
shuiboye
2.png
23/May/19 13:59
22 kB
shuiboye
1.png
23/May/19 13:59
37 kB
shuiboye

Issue Links

links to

GitHub Pull Request #1795

Activity

People

Assignee:: Anton Gozhiy

Reporter:: shuiboye

Reviewer:: Vova Vysotskyi

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/May/19 14:00

Updated:: 30/May/19 17:37

Resolved:: 29/May/19 23:11