You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Andrzej Jedrzejewski (JIRA)" <ji...@apache.org> on 2019/01/18 10:38:00 UTC

[jira] [Updated] (AMBARI-24634) Ambari Cross Site Scripting Vulnerability

     [ https://issues.apache.org/jira/browse/AMBARI-24634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrzej Jedrzejewski updated AMBARI-24634:
------------------------------------------
    Description:     (was: The attack was done through the Ambari "Files" module. It occurred when creating a new folder on the application by clicking on the "New Folder" option. From here I named the folder as "><svg/onload="alert(document.domain)">.

Once you save the payload as the new folder the page will refresh and from there the application will load the payload and execute the javascript within the "onload" attribute.

Here is the HTTP request used for this attack.

PUT /ambarihost/gateway/ambari/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/resources/files/fileops/mkdir HTTP/1.1
[Redacted...]

{"path":"/test\"><svg/onload=\"alert(document.domain);\">"})

> Ambari Cross Site Scripting Vulnerability
> -----------------------------------------
>
>                 Key: AMBARI-24634
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24634
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-web
>    Affects Versions: 2.6.2
>         Environment: Ambari 2.6.2.2
> HDP 2.6.5.0
>            Reporter: Andrzej Jedrzejewski
>            Assignee: Robert Levas
>            Priority: Major
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)