Description:
GitBlit is not validating or cleaning the input received via request parameters.
Steps to reproduce the problem:
1. Open Firefox (Chrome and IE block most XSS)
2. Log in to GitBlit
3. Paste one of the following URLs into the browser (filling in the server and repository info):
https://<server>/history/?r=<repository>&h=refs/heads/master<script>alert("hi")</script>
https://<server>/log/?r=<repository>&h=refs/heads/master<script>alert("hi")</script>
4. Observe the JavaScript alert
Expected Output:
An error message stating the input was invalid.
Actual Output:
The execution of the JavaScript alert injected through the h parameter.
Environment:
GitBlit version 1.6.0 running on RHEL 6 / Tomcat 7 / Apache httpd 2.2 with AJP proxying
Reported by 1988porsche944 on 2014-09-05 13:45:05
An XSS filter based on JSoup has been merged to master & develop.
This filter will strip out all HTML elements from URL parameters and any non-whitelisted HTML elements from form inputs, markup docs, and optionally commit messages. The whitelist is based in part on stock JSoup and GitHub's documented HTML sanitizer.
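The two sanitising modes the comment above describes (strip everything from URL parameters, whitelist a small set of elements for form input), as an added example using jsoup's public API; this is illustrative code, not GitBlit's own filter, and the class name, method names and sample values are assumptions. Newer jsoup (1.14+) calls the allow-list class Safelist; older releases use the same methods on a class named Whitelist.

```java
import org.jsoup.Jsoup;
import org.jsoup.parser.Parser;
import org.jsoup.safety.Safelist;

// Hypothetical helper, not GitBlit's own code: sanitises request input with jsoup.
public final class ParamSanitizer {

    // For URL parameters such as r= and h=: no HTML element is ever legitimate
    // in a repository or ref name, so drop every tag and keep only the text.
    // Jsoup.clean returns HTML-escaped text, so entities are unescaped again
    // to get back a plain string (e.g. "&" rather than "&amp;").
    public static String cleanUrlParam(String raw) {
        if (raw == null) return null;
        String stripped = Jsoup.clean(raw, Safelist.none());
        return Parser.unescapeEntities(stripped, false);
    }

    // For form inputs and markup documents: keep a small set of formatting
    // elements and drop everything else (script, event-handler attributes,
    // iframes, ...). Safelist.basic() is jsoup's stock conservative list.
    public static String cleanFormInput(String raw) {
        if (raw == null) return null;
        return Jsoup.clean(raw, Safelist.basic());
    }

    // Defender's check: did sanitising change the value? A URL parameter that
    // carried markup is a signal worth logging or rejecting (the "error message"
    // the reporter expected) rather than silently serving the stripped version.
    public static boolean containedMarkup(String raw) {
        return raw != null && !cleanUrlParam(raw).equals(raw);
    }

    public static void main(String[] args) {
        // Constructed sample: the shape of the h= parameter from the report.
        String ref = "refs/heads/master<script>alert('hi')</script>";
        System.out.println("cleaned h=  : " + cleanUrlParam(ref));
        System.out.println("had markup  : " + containedMarkup(ref));
        System.out.println("clean ref ok: " + containedMarkup("refs/heads/master"));

        // Constructed sample: a commit message with one allowed and one dropped element.
        String message = "<b>fix</b> <img src=x onerror=alert(1)> done";
        System.out.println("form input  : " + cleanFormInput(message));
    }
}
```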
Originally reported on Google Code with ID 496