U4-2027 - Penetration test: Reflected cross site scripting - can this be corrected

Created by Anthony jones 01 Apr 2013, 16:12:56 Updated by Sebastiaan Janssen 19 Apr 2013, 07:02:07

Relates to: U4-2021

Reflective Cross Site Scripting is identified in the application. In the current application scenario, the following query parameters are observed on the "directoryBrowser.aspx" page: path, title, link, target.

It is observed that the application does not sanitize the user input (or encode the output) for "target" parameter before including it in the response JavaScript. It is possible to inject custom JavaScripts in the page. Testing team successfully injected an alert box in the page. Authentication is required to exploit this vulnerability.

Vulnerable URL is: http://156.109.215.144/umbraco/Developer/Packages/directorybrowser.aspx?path=App_Data/Logs&title=Web Browse&link=&target=abc');}alert(document.cookie);function abc(){//

The payload injected is: abc');}alert(document.cookie);function abc(){//

Comments

Shannon Deminick 08 Apr 2013, 19:06:11

Fixed in 97e228fbc4aa
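
The following is an added example, not code from Umbraco or from the fix commit: it shows why the reported payload escapes a quoted JavaScript string and how encoding the value as a string literal keeps it as data. The `pick`/`setValue` template, the stubbed globals and the cookie value are assumptions constructed for the illustration; only the payload string comes from the report.

```javascript
// Added illustration: the page template is hypothetical; only PAYLOAD is
// taken from the report above.
const PAYLOAD = "abc');}alert(document.cookie);function abc(){//";

// Vulnerable pattern: the query value is concatenated into a quoted JS string.
function renderVulnerable(target) {
  return "function pick(p) {\n  setValue('" + target + "', p);\n}";
}

// Encode a value as a JavaScript string literal that is also safe inside an
// inline <script> block. JSON.stringify handles quotes, backslashes and
// control characters; the extra pass escapes characters that could close a
// single-quoted literal, end the script element, or act as line terminators.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hardened pattern: the encoder supplies the quotes and all escaping.
function renderHardened(target) {
  return "function pick(p) {\n  setValue(" + jsStringLiteral(target) + ", p);\n}";
}

// Load a rendered script with stubbed browser globals and record what it does.
function observe(script) {
  const seen = { alerts: [], setValueArgs: [] };
  const load = new Function("alert", "document", "setValue",
    script + "\nreturn typeof pick === 'function' ? pick : null;");
  const pick = load(
    (msg) => seen.alerts.push(msg),            // stub for window.alert
    { cookie: "session=constructed-value" },   // constructed sample cookie
    (...args) => seen.setValueArgs.push(args)  // stub for the page's own call
  );
  if (pick) pick("App_Data/Logs");
  return seen;
}

const vulnerable = observe(renderVulnerable(PAYLOAD));
const hardened = observe(renderHardened(PAYLOAD));
console.log("vulnerable:", JSON.stringify(vulnerable));
console.log("hardened:  ", JSON.stringify(hardened));
```

In the vulnerable rendering the injected `alert` runs as soon as the script loads; in the hardened rendering the whole payload arrives at `setValue` as an ordinary string. ASP.NET offers the same kind of encoder as `HttpUtility.JavaScriptStringEncode`; this page does not say which approach the fix commit uses.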


Priority: Normal

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal

Category: Security

Backwards Compatible: True

Affected versions: 4.8.0, 4.9.0, 4.10.0, 4.11.0, 6.0.0, 4.9.1, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 6.0.1, 4.11.5, 6.0.2, 4.11.6, 6.0.3

Due in version: 6.0.4, 4.11.7
