Posted to dev@drill.apache.org by "shuiboye (JIRA)" <ji...@apache.org> on 2019/05/23 14:01:00 UTC
[jira] [Created] (DRILL-7276) xss(bug) in apache drill Web UI latest version 1.16.0 when authenticated
shuiboye created DRILL-7276:
-------------------------------
Summary: xss(bug) in apache drill Web UI latest version 1.16.0 when authenticated
Key: DRILL-7276
URL: https://issues.apache.org/jira/browse/DRILL-7276
Project: Apache Drill
Issue Type: Bug
Components: Web Server
Affects Versions: 1.16.0
Reporter: shuiboye
Attachments: 1.png, 2.png, 4.png
In the query page, I select "SQL" as the "Query Type", and in the "Query" field I input "*select '<svg/onload=alert(/xss/)>' FROM cp.`employee.json`*".
!1.png!
After submitting, I get the Query Profile, whose URL is "*[http://127.0.0.1:8047/profiles/231beb11-4b43-0762-8b90-76a9af2edd24]*".
!2.png!
Any user who visits the profile page and clicks "JSON profile" at the bottom to see the FULL JSON Profile will see two alert boxes as shown below.
!4.png!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
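
An added example, not part of the original report and not Apache Drill's code: it shows why query text stored in a profile fires when the JSON is written into a page unencoded, and two output encodings that stop it. The report does not say how the Web UI builds the JSON view, so the record's field names and the function names are assumptions.

```javascript
// Constructed profile record: only the query text comes from the report;
// the field names "id" and "query" are hypothetical.
const profile = {
  id: "231beb11-4b43-0762-8b90-76a9af2edd24",
  query: "select '<svg/onload=alert(/xss/)>' FROM cp.`employee.json`",
};

// Vulnerable pattern: serialized JSON concatenated straight into markup.
// JSON.stringify does not touch < or >, so the HTML parser sees a real
// <svg> element inside the string value and runs its onload handler.
function renderUnsafe(p) {
  return "<pre>" + JSON.stringify(p, null, 2) + "</pre>";
}

// Mitigation 1: HTML-encode the serialized JSON before it becomes element
// content. The viewer still shows the original characters as text.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}
function renderSafe(p) {
  return "<pre>" + escapeHtml(JSON.stringify(p, null, 2)) + "</pre>";
}

// Mitigation 2: for JSON embedded inside a <script> block, entities are not
// decoded, so use \uXXXX escapes instead. The result is still valid JSON and
// cannot close the script element or open a new tag.
const JS_ESCAPES = {
  "<": "\\u003c", ">": "\\u003e", "&": "\\u0026",
  "\u2028": "\\u2028", "\u2029": "\\u2029",
};
function jsonForScript(p) {
  return JSON.stringify(p).replace(/[<>&\u2028\u2029]/g, (c) => JS_ESCAPES[c]);
}

console.log(renderUnsafe(profile)); // contains a live <svg/onload=...> tag
console.log(renderSafe(profile));   // same text, encoded as &lt;svg ... &gt;
console.log(jsonForScript(profile));
```

On the client side, assigning the JSON string to an element's `textContent` rather than `innerHTML` has the same effect as the first mitigation.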