- Bug
- Resolution: Duplicate
- Minor
- 3.6.4
- None
Steps to Reproduce
1. Run the attached zul.
2. Open the dev tool.
3. Click the upload button; the upload dialog appears.
4. Get the request URL for the dsp file, e.g. http://localhost:8080/zk3upload/zkau/web/660e7a2d/upload/fileupload.html.dsp?dtid=gjm31&uuid=z_jm_3&max=-1&native=false
5. Append the JS injection code %0A%2f%2f-%3E%0A%3C%2fscript%3Eipt%3E%0A%3Cimg%20src%3dx%20onerror%3dalert(1)%3E%3C!- directly after the uuid value, e.g. http://localhost:8080/zk3upload/zkau/web/660e7a2d/upload/fileupload.html.dsp?dtid=gjm31&uuid=z_jm_3%0A%2f%2f--%3E%0A%3C%2fscript%3Eipt%3E%0A%3Cimg%20src%3dx%20onerror%3dalert(1)%3E%3C!--&max=-1&native=false
6. Request the forged URL with a browser.
Current Result
The JavaScript is injected into the page and executes alert(1).
Expected Result
No JavaScript is executed.
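As a defender-side illustration added to this report (not ZK's code and not its fix), the following Python decodes the uuid value the forged URL above delivers to the server, shows that an identifier allowlist rejects it, and shows a JavaScript-string encoding that keeps such a value inert if it is still echoed into an inline script. The uuid pattern and the template fragment are assumptions made for the example.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed copies of the benign and forged URLs from the steps above.
BASE = "http://localhost:8080/zk3upload/zkau/web/660e7a2d/upload/fileupload.html.dsp"
BENIGN_URL = BASE + "?dtid=gjm31&uuid=z_jm_3&max=-1&native=false"
FORGED_URL = (BASE + "?dtid=gjm31&uuid=z_jm_3%0A%2f%2f--%3E%0A%3C%2fscript%3Eipt%3E%0A"
              "%3Cimg%20src%3dx%20onerror%3dalert(1)%3E%3C!--&max=-1&native=false")

# Assumed shape of a component uuid: letters, digits and underscores only.
# This is an assumption for the example, not ZK's own validation rule.
UUID_RE = re.compile(r"[A-Za-z0-9_]+")


def uuid_param(url: str) -> str:
    """Return the uuid query parameter percent-decoded, as the servlet sees it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("uuid", [""])[0]


def is_valid_uuid(uuid: str) -> bool:
    """Allowlist check: the forged value fails on its newlines, '/' and '<'."""
    return UUID_RE.fullmatch(uuid) is not None


def js_string_literal(value: str) -> str:
    """Encode value as a JS string literal that cannot terminate the enclosing
    <script> block or HTML comment: json.dumps escapes quotes, backslashes and
    newlines; '<', '>' and '&' are then hex-escaped so '</script>' cannot appear."""
    literal = json.dumps(value)
    return literal.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def safe_script_fragment(uuid: str) -> str:
    """Constructed stand-in for the template the uuid is written into (the
    payload's '//-->' and '</script>' prefix implies a comment-wrapped inline
    script); not ZK's fileupload.html.dsp. Validate first, then encode."""
    if not is_valid_uuid(uuid):
        raise ValueError("rejected uuid: %r" % (uuid,))
    return "<script>\n<!--\nvar uuid = %s;\n//-->\n</script>" % js_string_literal(uuid)


if __name__ == "__main__":
    for url in (BENIGN_URL, FORGED_URL):
        uuid = uuid_param(url)
        print("uuid=%r valid=%s encoded=%s" % (uuid, is_valid_uuid(uuid), js_string_literal(uuid)))
```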
- Duplicates: ZK-2056 XSS Vulnerability in AuUploader (Closed)