Grouper issue GRP-1838

Reflected XSS in New UI with /UiV2Public.index


    Description

      From: grouper-core-request@internet2.edu On Behalf Of Jerry Lee
      Sent: Tuesday, July 17, 2018 7:45 PM
      To: grouper-core@internet2.edu
      Subject: [grouper-core] Reflected (GET request) cross-site scripting in New UI

      Hi Grouper developer team,

      This is Jerry from the University of Auckland. We would like to report a reflected (GET request) cross-site scripting vulnerability within Grouper's New UI.

      This vulnerability exists in the following URL parameter:

      hxxps://grouper-instance.localhost/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=xss payload

      A proof-of-concept URL that could trigger this XSS vulnerability would look like this:

      hxxps://grouper-instance.localhost/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=%3Cscript%3Ealert(1)%3C/script%3E

      I've also attached a screenshot with the payload executed within the client browser to this email; feel free to take a look if it would help resolve the issue. If you would like me to clarify anything in regard to the above subject, please do not hesitate to contact me.

      Kind Regards,

      Jerry

      Jerry Lee | Information Security Analyst | University of Auckland

      +64 9 373 7599 ext. 83763 - hk.lee@auckland.ac.nz - PGP ID: 0267ADF6

      PGP Fingerprint: F886 6E17 F107 0717 C10D 30C3 AA9D FCB5 0267 ADF6
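The reflection path the report describes, modelled as an added example. This is not Grouper's code and not the fix the project shipped: it is a small stand-in for an error page that echoes the `code` query parameter, first verbatim (the reported behaviour) and then with HTML entity encoding applied at the output point. The PoC URL is copied from the report with the defanged `hxxps` scheme restored to `https` so the standard library will parse it; the page markup is a hypothetical `<div>`, chosen only to show where the parameter lands.

```python
"""Model of the reflected XSS reported in GRP-1838 and its hardened form.

Added example; NOT Grouper's own code. The render functions are
hypothetical stand-ins for the UiV2Public.error page.
"""
import html
from urllib.parse import parse_qs, urlsplit

# PoC URL from the report (constructed copy; "hxxps" restored to "https").
POC_URL = (
    "https://grouper-instance.localhost/grouper/grouperExternal/public/"
    "UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error"
    "&code=%3Cscript%3Ealert(1)%3C/script%3E"
)

PAYLOAD = "<script>alert(1)</script>"


def error_code_from_url(url: str) -> str:
    """Return the percent-decoded `code` query parameter as a server sees it."""
    params = parse_qs(urlsplit(url).query)
    return params.get("code", [""])[0]


def render_error_vulnerable(code: str) -> str:
    """Hypothetical error page that reflects `code` straight into HTML.

    Any '<' in the parameter becomes markup, so a <script> tag executes.
    """
    return f"<div class='error'>Error code: {code}</div>"


def render_error_fixed(code: str) -> str:
    """Same page with HTML entity encoding applied where the value is emitted.

    html.escape turns < > & " ' into entities, so the browser renders the
    payload as text instead of parsing it as a tag.
    """
    return f"<div class='error'>Error code: {html.escape(code, quote=True)}</div>"


def reflects_unescaped(page: str, payload: str) -> bool:
    """True when the raw payload survives into the response unchanged.

    This is the check a tester applies to a captured response: the PoC only
    fires if the bytes come back byte-for-byte, not entity-encoded.
    """
    return payload in page


if __name__ == "__main__":
    code = error_code_from_url(POC_URL)
    print("decoded parameter :", code)
    print("vulnerable page   :", render_error_vulnerable(code))
    print("hardened page     :", render_error_fixed(code))
    print("PoC fires (vuln)  :", reflects_unescaped(render_error_vulnerable(code), PAYLOAD))
    print("PoC fires (fixed) :", reflects_unescaped(render_error_fixed(code), PAYLOAD))
```

`html.escape` is the right primitive only for the HTML body and quoted-attribute contexts this model uses; a value emitted inside a `<script>` block or an event-handler attribute needs JavaScript-string encoding instead, and a value used as a URL needs percent-encoding, so the encoder has to match the context where the parameter is written out.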

      People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)