on 11-12-2015 4:30 PM
We are going through a security assessment and one of the items identified is that the context parameter is vulnerable to Cross-Site Scripting (XSS) when retrieving images within Hybris.
Their example is the following: http://image.png?context=
My question is: can this XSS attack be exploited via the context parameter? I know that the context parameter is the encoded image path; would the JavaScript, not being successfully decoded to a path, (1) not display an image (2) not execute the JavaScript?
Thoughts?
The context parameter is used as a pointer to a specific media file. This is not XSS per se; if you upload some malicious script as a media file (it can even be in HTML format) and later on point to it or navigate to the media URL, then the script will run.
The platform is not validating the content of uploaded media files. In order to perform this kind of attack, an attacker needs:
1. Rights to upload a malicious script as media.
2. To send a link to the victim, or edit specific page content, injecting the uploaded media.
In the first place, media upload should be restricted to your internal network only.
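A sketch of the upload content validation that the answer says the platform does not perform, as an added example that is not part of the original thread and is not Hybris code. The function names, the allowlist and the sample uploads are assumptions constructed for illustration.

```python
# Added example, not Hybris code: allowlist validation for uploaded media.
# Function names, the allowlist and the sample bytes are constructed here.
import os

# Leading magic bytes of the only formats this store accepts and serves.
ALLOWED = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
EXTENSIONS = {"png": "image/png", "jpg": "image/jpeg",
              "jpeg": "image/jpeg", "gif": "image/gif"}

SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed header only
SAMPLE_HTML = b"<html><script>alert(1)</script></html>"   # constructed upload


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the file's leading bytes, or None."""
    for mime, signatures in ALLOWED.items():
        if data.startswith(signatures):
            return mime
    return None


def validate_upload(filename: str, data: bytes):
    """Return (accepted, detail); detail is the MIME type or the reason."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    claimed = EXTENSIONS.get(ext)
    if claimed is None:
        return False, "extension not on the allowlist"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "content is not an allowed image format"
    if actual != claimed:
        return False, "extension does not match content"
    return True, actual


def media_response_headers(mime: str) -> dict:
    """Headers for serving stored media so it is never rendered as a page."""
    return {
        "Content-Type": mime,                 # the validated type, not the client's
        "X-Content-Type-Options": "nosniff",  # disable browser MIME sniffing
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```

The magic-byte check only inspects the start of the file, so the response headers matter as well: they keep a file that passes the check from being interpreted as HTML when someone navigates to the media URL.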