
yahoo-eng-team team mailing list archive

[Bug 1829594] Re: Find XSS issue in test

 

[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]

** Changed in: keystone
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1829594

Title:
  Find XSS issue in test

Status in OpenStack Identity (keystone):
  Expired

Bug description:
  Using the WebInspect tool to test, the test results show that there are
  XSS issues.

  Critical Issues
  Cross-Site Scripting: Reflected ( 5649 )  View Description
  CWE: 79,80,82,83,87,116,692,811
  Kingdom: Input Validation and Representation

  Page:
  Parameter: $.auth.scope.project.id
  Request:
  POST /v3/auth/tokens HTTP/1.1
  Host: 10.62.48.69
  Content-Length: 336
  Cache-Control: no-cache
  User-Id: fcebae72c7b34e259be8f003499a4bd1
  Pragma: no-cache
  Origin: https://10.62.48.69
  Project-Id: 14f32da561324e2c8790c60558844a0a
  Access-Token: gAAAAABcwW-3ahN06YGt69MyU4GULjxlkWAzC0w5eYf88JqK07CKjdmNWZo42VLhMLS308BEH98vIcD3aCXJ9XlJn
  ByuVvkqJYRjqSS2DLJBr0s6UHMBPsQlotM0_2w_fmn9Xhx0-lftDvdn9xO9Kn_zwuY2Odb7GQ
  Content-Type: application/json
  Accept: application/json, text/plain, */*
  X-Auth-Token: gAAAAABcwW_XT5iUG2uH0kSm_594hJb-k1_utLvDp1DTPB-ZNByJ0CZLYwCwH8V7vufMASXtt6L0KlXLL_rQdFYjleCF7rai5WxpAsY1SwjejsIvKBU05m1jmi_AVJKzI
  CXnZC7vcM0AwHQ1v_ZEasXDeKFkwz7W2Dp8QymzUBoQMlwRX6Ta9yWAWk-M9LxWD3GtzLIOoOzR
  IsScopeDomain: false
  siderbarBoolMsg: cloudManagementViewBool
  If-Modified-Since: Mon, 26 Jul 1997 05:00:00 GMT
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) 
  Chrome/62.0.3202.89 Safari/537.36
  operateuser: admin
  Referer: https://10.62.48.69/ngportal/login
  Accept-Encoding: gzip, deflate, br
  Accept-Language: zh-CN,zh;q=0.9
  Connection: Keep-Alive
  X-WIPP: AscVersion=18.20.178.0
  X-Scan-Memo: Category="Audit.Attack"; SID="C13A9BA9ACA4260D094783D9B4A13852"; 
  PSID="2BA1D619C8CFF66416259BDDB34002B6"; SessionType="AuditAttack"; CrawlType="None"; 
  AttackType="PostSubParamInjection"; OriginatingEngineID="1354e211-9d7d-4cc1-80e6-4de3fd128002"; AttackSequence="13"; AttackParamDesc="%24.auth.scope.project.id"; 
  AttackParamIndex="0"; AttackParamSubIndex="2"; CheckId="5105"; Engine="Cross+Site+Scripting"; 
  SmartMode="NonServerSpecificOnly"; AttackString="14f32da561324e2c8790c60558844a0a%253c%
  2573%2543%2572%2549%2570%2554%2520%2574%2559%2570%2545%253d%2574%2545%
  2578%2554%252f%2576%2542%2573%2543%2572%2549%2570%2554%253e%254d%2573%
  2567%2542%256f%2578%2528%2537%2532%2532%2534%2533%2529%253c%252f%2573%
  2543%2572%2549%2570%2554%253e"; AttackStringProps="Attack"; ThreadId="493";
  ThreadType="AuditorStateRequestor"; 
  X-RequestManager-Memo: RequestorThreadIndex="6"; sid="825"; smi="0"; sc="1"; ID="dc87d526-e838-4f7c-9b79-94723727e38a"; 
  X-Request-Memo: ID="520187c2-3597-4998-a2eb-68db0ae93a5b"; sc="1"; ThreadId="493"; 
  Cookie: CustomCookie=WebInspect0
  {"auth":{"identity":{"methods":["token"],"token":{"id":"gAAAAABcwW-3ahN06YGt69MyU4GULjxlkWAzC0w5eYf88JqK07CKjdmNWZo42VLhMLS308BEH98vIcD3aCXJ9XlJn
  ByuVvkqJYRjqSS2DLJBr0s6UHMBPsQlotM0_2w_fmn9Xhx0-lftDvdn9xO9Kn_zwuY2Odb7GQ"}},"scope":{"project":
  {"id":"14f32da561324e2c8790c60558844a0a<sCrIpT tYpE=tExT\/vBsCrIpT>MsgBox(72243)
  <\/sCrIpT>"}}}}
  Response:
  HTTP/1.1 401 Unauthorized
  Server: IAGV3.06.01
  Date: Thu, 25 Apr 2019 09:13:44 GMT
  Content-Type: application/json
  Content-Length: 226
  Connection: keep-alive
  Vary: X-Auth-Token
  x-openstack-request-id: req-1b47ef10-ece1-41b1-8b56-88a4aba415b0
  WWW-Authenticate: Keystone uri="https://10.62.48.69";
  ...TRUNCATED...not find project: 14f32da561324e2c8790c60558844a0a <sCrIpT 
  tYpE=tExT/vBsCrIpT>MsgBox(72243)</sCrIpT>  (Disable insecure_debug mode to suppress these
  de...TRUNCATED...

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1829594/+subscriptions

