Posted to issues@ambari.apache.org by "Andrzej Jedrzejewski (JIRA)" <ji...@apache.org> on 2018/09/13 13:58:00 UTC

[jira] [Created] (AMBARI-24634) Ambari Cross Site Scripting Vulnerability

Andrzej Jedrzejewski created AMBARI-24634:
---------------------------------------------

             Summary: Ambari Cross Site Scripting Vulnerability
                 Key: AMBARI-24634
                 URL: https://issues.apache.org/jira/browse/AMBARI-24634
             Project: Ambari
          Issue Type: Bug
          Components: ambari-web
    Affects Versions: 2.6.2
         Environment: Ambari 2.6.2.2, HDP 2.6.5.0
            Reporter: Andrzej Jedrzejewski


The attack was done through the Ambari "Files" module. It occurred when creating a new folder on the application by clicking on the "New Folder" option. From here I named the folder as "><svg/onload="alert(document.domain)">.

Once you save the payload as the new folder, the page will refresh, and from there the application will load the payload and execute the JavaScript within the "onload" attribute.

Here is the HTTP request used for this attack.

PUT /ambarihost/gateway/ambari/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/resources/files/fileops/mkdir HTTP/1.1
[Redacted...]

{"path":"/test\"><svg/onload=\"alert(document.domain);\">"}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
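
Added example, not part of the original report and not Ambari's code: it shows why the reported path breaks out of a title attribute when concatenated into markup, and how encoding on output keeps it inert. The row template and the function names renderRowUnsafe, renderRowSafe and tagNames are hypothetical.

```javascript
// Request body from the report above, kept byte-for-byte with String.raw.
const body = String.raw`{"path":"/test\"><svg/onload=\"alert(document.domain);\">"}`;
const reportedPath = JSON.parse(body).path;

// Encode the five characters that can change HTML parsing context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical file-list row built by string concatenation (the vulnerable
// pattern): the path lands in an attribute value and in element content as-is.
function renderRowUnsafe(path) {
  return '<a class="file-row" title="' + path + '">' + path + '</a>';
}

// Same row with the path encoded at the point of output.
function renderRowSafe(path) {
  const p = escapeHtml(path);
  return '<a class="file-row" title="' + p + '">' + p + '</a>';
}

// List the tag names an HTML parser would see as markup in the rendered row.
// A correctly encoded row contains only the opening and closing <a>.
function tagNames(html) {
  const tags = html.match(/<\/?[a-zA-Z][^\s/>]*/g) || [];
  return tags.map((t) => t.replace(/^<\/?/, '').toLowerCase());
}

function report() {
  return {
    unsafe: tagNames(renderRowUnsafe(reportedPath)),
    safe: tagNames(renderRowSafe(reportedPath)),
  };
}

// In browser code, prefer DOM APIs that never parse the value as HTML:
//   el.textContent = path; el.setAttribute('title', path);
console.log(report());
```

The unsafe row contains two injected svg elements, one from the attribute break-out and one from the element content; the encoded row contains none.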