Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kaltura/server (lastest version)- Cross-Site Scripting (XSS) in "XmlJWPlayer.php" #5303

Closed
bestshow opened this issue Feb 27, 2017 · 2 comments

Comments

@bestshow
Copy link

bestshow commented Feb 27, 2017

Product:kaltura/server
Download: https://github.com/kaltura/server
Vunlerable Version: lastest version
Tested Version: lastest version
Author: ADLab of Venustech

Advisory Details:
I have discovered a Cross-Site Scripting (XSS) in “kaltura/server”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in “entryId” HTTP GET parameter passed to “server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php” url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
http://localhost/.../server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php?entryId=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22

@kaltura-hooks
Copy link

Hi @bestshow,

Thank for you reporting an issue and helping improve Kaltura!

To get the fastest response time, and help the maintainers review and test your reported issues or suggestions, please ensure that your issue includes the following (please comment with more info if you have not included all this info in your original issue):

  • Is the issue you're experiencing consistent and across platforms? or does it only happens on certain conditions?
    please provide as much details as possible.
  • Which Kaltura deployment you're using: Kaltura SaaS, or self-hosted?
    If self hosted, are you using the RPM or deb install?
  • Packages installed.
    When using RPM, paste the output for:
	# rpm -qa \"kaltura*\"
For deb based systems:
	# dpkg -l \"kaltura-*\"
  • If running a self hosted ENV - provide the MySQL server version used
  • If running a self hosted ENV - is this a single all in 1 server or a cluster?
  • If running a self hosted ENV, while making the problematic request, run:
	# tail -f /opt/kaltura/log/*.log /opt/kaltura/log/batch/*.log | grep -A 1 -B 1 --color \"ERR:\|PHP\|trace\|CRIT\|\[error\]\"

and paste the output.

  • When relevant, provide any screenshots or screen recordings showing the issue you're experiencing.

For general troubleshooting see:
https://github.com/kaltura/platform-install-packages/blob/Jupiter-10.13.0/doc/kaltura-packages-faq.md#troubleshooting-help

If you only have a general question rather than a bug report, please close this issue and post at:
http://forum.kaltura.org

Thank you in advance,

@jessp01
Copy link
Contributor

jessp01 commented Feb 27, 2017

Hi,

Fixed by this patch: https://github.com/kaltura/server/pull/5304/files.
Please patch your local instances accordingly.

@jessp01 jessp01 closed this as completed Feb 27, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

3 participants