We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exploit Title: XSS Stored Vulnerability in Apache Ranger Version: 3.0.0 Date: 15/02/2024 Exploit Author: Gozan Contact: https://github.com/gozan10 Product: Apache Ranger (https://github.com/apache/ranger) Vendor: Apache Ranger Description: XSS Stored exitst in module Settings > Groups allow attacker excute arbitrary web script
First we need to create a new groups with payload in field name. Payload:
Use burpsuite to change name groups (/service/xusers/secure/groups)
Then we go to Settings > Permissions and click on one of the created modules
Then add the user containing payload XSS in groups name and save
Lastly, in module Settings > Permissions excute payload XSS
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Exploit Title: XSS Stored Vulnerability in Apache Ranger Version: 3.0.0
Date: 15/02/2024
Exploit Author: Gozan
Contact: https://github.com/gozan10
Product: Apache Ranger (https://github.com/apache/ranger)
Vendor: Apache Ranger
Description: XSS Stored exitst in module Settings > Groups allow attacker excute arbitrary web script
First we need to create a new groups with payload in field name.
<script>alert(1)</script>Payload:
Use burpsuite to change name groups (/service/xusers/secure/groups)
Then we go to Settings > Permissions and click on one of the created modules
Then add the user containing payload XSS in groups name and save
Lastly, in module Settings > Permissions excute payload XSS
The text was updated successfully, but these errors were encountered: