Opened 2 weeks ago

Last modified 2 weeks ago

#28681 new defect

reflected XSS metrics.torproject.org

Reported by: 0x539h
Owned by: metrics-team
Priority: Medium
Milestone:
Component: Metrics/Relay Search
Version:
Severity: Major
Keywords: xss, cross-site scripting
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hello! I have found a reflected XSS vulnerability on a subdomain of torproject.
You should fix it :) A screenshot with an easy exploit is attached to the ticket.
If it is possible, I will be proud to get one more sticker pack.

https://metrics.torproject.org/rs.html#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E

The vector is:

"><img src=x onerror=alert(1)>

P0W3RING D1G1T4L R3S1S74NC3!

Attachments (1)

Screenshot from 2018-11-27 14-11-56.png (138.1 KB) - added by 0x539h 2 weeks ago.
xss

Change History (3)

Changed 2 weeks ago by 0x539h

xss

comment:1 Changed 2 weeks ago by arma

Component: - Select a component → Metrics/Relay Search
Owner: set to metrics-team
Sponsor: Sponsor2
Version: sbws: unspecified

comment:2 Changed 2 weeks ago by irl

Priority: High → Medium

It is a bug, but it's not particularly scary as there is nothing you can get at that would be privileged here.

0x539h: the code is at https://gitweb.torproject.org/metrics-web.git/tree/src/main/resources/web/js/rs

It would probably be best to clean the inputs in the router:

https://gitweb.torproject.org/metrics-web.git/tree/src/main/resources/web/js/rs/router.js

Would you like to make a patch?
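
The input cleaning suggested in comment:2, sketched as an added example that is not part of the ticket or of the metrics-web code base: the search term is taken from the `#search/...` fragment, decoded, and HTML-escaped before it is placed in markup. The function names and the `<input value="...">` sink are assumptions, chosen because the reported vector begins with `">`.

```javascript
// Added example; hypothetical names, not taken from metrics-web's router.js.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;"
};

// Escape the five characters that can change HTML or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Extract the query from a fragment of the form "#search/<query>".
// Returns null for other routes and for malformed percent-encoding.
function searchTermFromHash(hash) {
  const match = /^#search\/(.*)$/.exec(hash);
  if (!match) return null;
  try {
    return decodeURIComponent(match[1]);
  } catch (e) {
    return null; // decodeURIComponent throws URIError on bad sequences
  }
}

// Before: the decoded fragment is concatenated straight into markup
// (assumed sink), so a quote in the fragment closes the attribute.
function renderSearchBoxUnsafe(hash) {
  const term = searchTermFromHash(hash) || "";
  return '<input type="text" value="' + term + '">';
}

// After: the same markup with the term escaped at the point of output.
function renderSearchBoxSafe(hash) {
  const term = searchTermFromHash(hash) || "";
  return '<input type="text" value="' + escapeHtml(term) + '">';
}

// The fragment from the ticket's URL.
const reported = "#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E";

console.log(renderSearchBoxUnsafe(reported)); // attribute closed, <img> tag emitted
console.log(renderSearchBoxSafe(reported));   // term stays inside value="..."
```

Where the page builds elements through the DOM, assigning the term to `input.value` or `element.textContent` keeps it out of the HTML parser entirely.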
