You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Andrzej Jedrzejewski (JIRA)" <ji...@apache.org> on 2018/09/13 13:58:00 UTC
[jira] [Created] (AMBARI-24634) Ambari Cross Site Scripting
Vulnerability
Andrzej Jedrzejewski created AMBARI-24634:
---------------------------------------------
Summary: Ambari Cross Site Scripting Vulnerability
Key: AMBARI-24634
URL: https://issues.apache.org/jira/browse/AMBARI-24634
Project: Ambari
Issue Type: Bug
Components: ambari-web
Affects Versions: 2.6.2
Environment: Ambari 2.6.2.2
HDP 2.6.5.0
Reporter: Andrzej Jedrzejewski
The attack was done through the Ambari "Files" module. It occurred when creating a new folder on the application by clicking on the "New Folder" option. From here I named the folder as "><svg/onload="alert(document.domain)">.
Once you save the payload as the new folder the page will refresh and from there the application will load the payload and execute the javascript within the "onload" attribute.
Here is the HTTP request used for this attack.
PUT /ambarihost/gateway/ambari/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/resources/files/fileops/mkdir HTTP/1.1
[Redacted...]
{"path":"/test\"><svg/onload=\"alert(document.domain);\">"}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)