Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-7276

xss(bug) in apache drill Web UI latest verion 1.16.0 when authenticated

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.16.0
    • 1.17.0
    • Web Server

    Description

      In the query page,I select the "SQL" of the "Query Type"  and in the "Query" field I input "select '<svg/onload=alert(/xss/)>'  FROM cp.`employee.json`".

      After submitting,I get the Query Profile whose url is "http://127.0.0.1:8047/profiles/231beb11-4b43-0762-8b90-76a9af2edd24".

      Any user who visits the profile page and clicks "JSON profile" at the bottom to see the FULL JSON Profile will see two alert boxes as shown below.
       
       

      Attachments

        1. 4.png
          80 kB
          shuiboye
        2. 2.png
          22 kB
          shuiboye
        3. 1.png
          37 kB
          shuiboye

        Issue Links

          Activity

            People

              angozhiy Anton Gozhiy
              shuiboye shuiboye
              Vova Vysotskyi Vova Vysotskyi
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: