We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exploit Title: XSS Stored Vulnerability in Apache Ranger Version: 3.0.0 Date: 20/02/2024 Exploit Author: Gozan Contact: https://github.com/gozan10 Product: Apache Ranger (https://github.com/apache/ranger) Vendor: Apache Ranger Description: XSS Stored exitst in module Access Manager > Reports allow attacker excute arbitrary web script
First we need to create new group with payload in field name. Payload:
Use burpsuite to change name groups (/service/xusers/secure/groups)
Then we go to Access Manager > Reports and click on Search By -> Group add a group containing malicious code
Then click Search From then on, every time the group is clicked, the code is executed Result
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Exploit Title: XSS Stored Vulnerability in Apache Ranger Version: 3.0.0
Date: 20/02/2024
Exploit Author: Gozan
Contact: https://github.com/gozan10
Product: Apache Ranger (https://github.com/apache/ranger)
Vendor: Apache Ranger
Description: XSS Stored exitst in module Access Manager > Reports allow attacker excute arbitrary web script
First we need to create new group with payload in field name.
<script>alert(1)</script>Payload:
Use burpsuite to change name groups (/service/xusers/secure/groups)
Then we go to Access Manager > Reports and click on Search By -> Group add a group containing malicious code
Then click Search
From then on, every time the group is clicked, the code is executed
Result
The text was updated successfully, but these errors were encountered: