Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-3899

fileupload.html.dsp has XSS problem

    XMLWordPrintable

Details

    Description

      Steps to Reproduce

      1. run the attached zul
      2. open the dev tool
      3. click the upload button, the upload dialog appears
      4. get request url for dsp file like http://localhost:8080/zk3upload/zkau/web/660e7a2d/upload/fileupload.html.dsp?dtid=gjm31&uuid=z_jm_3&max=-1&native=false
      5. append js injection code %0A%2f%2f-%3E%0A%3C%2fscript%3Eipt%3E%0A%3Cimg%20src%3dx%20onerror%3dalert(1)%3E%3C!- after uuid like http://localhost:8080/zk3upload/zkau/web/660e7a2d/upload/fileupload.html.dsp?dtid=gjm31&uuid=z_jm_3%0A%2f%2f--%3E%0A%3C%2fscript%3Eipt%3E%0A%3Cimg%20src%3dx%20onerror%3dalert(1)%3E%3C!--&max=-1&native=false
      6. request the forged URL with a browser

      Current Result

      the javascript is injected into the page and execute alert(1)

      Expected Result

      no javascript executed

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. ZK-2056 XSS Vulnerability in AuUploader

          • Major - Major loss of function.
          • Closed

          Activity

            People

              hawk hawk
              hawk hawk
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: