Former Member

XSS Vulnerability using Context parameter when retrieving images

We are going through a security assessment and one of the items identified is that the context parameter is vulnerable to Cross-Site Scripting (XSS) when retrieving images within Hybris.

Their example is the following: http://image.png?context=

My question is: can this XSS attack be exploited via the context parameter? I know that the context parameter is the encoded image path; would the JavaScript, not being successfully decoded to a path, (1) not display an image and (2) not execute the JavaScript?

Thoughts?

1 Answer

Former Member
Posted on Nov 18, 2015 at 12:06 PM

The context parameter is used as a pointer to a specific media file. This is not XSS per se: if you upload some malicious script as a media file (it can even be in HTML format) and later on point to it or navigate to the media URL, then the script will run.

The platform is not validating the content of uploaded media files. In order to perform this kind of attack the attacker needs: 1. Rights to upload a malicious script as media. 2. To send the link to a victim, or to edit specific page content injecting the uploaded media.

In the first place, media upload should be restricted to your internal network only.

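An added example (not code from this thread or from Hybris) of the content validation the answer says the platform lacks: the upload is accepted only if its leading bytes match a known raster-image signature and agree with the declared MIME type, so an HTML or SVG file carrying script cannot be stored as "media" and later rendered when someone navigates to its URL. The allow-list, class name and exception messages are assumptions for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;

/** Hypothetical upload-side check: accept only bytes that really are a raster image. */
public final class MediaUploadValidator {

    // Magic bytes of the formats we allow (example allow-list, not Hybris configuration).
    private static final Map<String, byte[]> SIGNATURES = Map.of(
        "image/png",  new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "image/jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "image/gif",  "GIF8".getBytes(StandardCharsets.US_ASCII)   // GIF87a / GIF89a
    );

    /** Returns the MIME type proven by the bytes, or throws if the upload is not an allowed image. */
    public static String verifiedMimeType(byte[] content, String declaredMime) {
        if (content == null || content.length < 8) {
            throw new IllegalArgumentException("too short to be an image");
        }
        for (Map.Entry<String, byte[]> e : SIGNATURES.entrySet()) {
            byte[] sig = e.getValue();
            if (Arrays.equals(Arrays.copyOf(content, sig.length), sig)) {
                // The declared type must match what the bytes say; never trust the header alone.
                if (!e.getKey().equalsIgnoreCase(declaredMime)) {
                    throw new IllegalArgumentException(
                        "declared " + declaredMime + " but content is " + e.getKey());
                }
                return e.getKey();
            }
        }
        // Browsers sniff markup regardless of extension, so flag it explicitly for logging.
        String head = new String(content, 0, Math.min(content.length, 256),
                                 StandardCharsets.ISO_8859_1).toLowerCase(Locale.ROOT);
        if (head.contains("<html") || head.contains("<script") || head.contains("<svg")) {
            throw new IllegalArgumentException("markup with possible script uploaded as media");
        }
        throw new IllegalArgumentException("unrecognised image format");
    }

    public static void main(String[] args) {
        // Constructed samples: a minimal PNG header and an HTML file named as if it were an image.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 13, 'I', 'H', 'D', 'R'};
        System.out.println("accepted as " + verifiedMimeType(png, "image/png"));
        byte[] html = "<html><script>/* constructed sample */</script></html>"
                          .getBytes(StandardCharsets.US_ASCII);
        try {
            verifiedMimeType(html, "image/png");
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Validation at upload time complements, rather than replaces, the answer's advice to restrict who can upload media; serving stored media with the verified Content-Type and an X-Content-Type-Options: nosniff header closes the remaining gap where a browser would otherwise guess.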
