[asterisk-bugs] [JIRA] (ASTERISK-28970) Reflected XSS
Yunus AYDIN (JIRA)
noreply at issues.asterisk.org
Tue Jun 30 06:08:25 CDT 2020
Yunus AYDIN created ASTERISK-28970:
--------------------------------------
Summary: Reflected XSS
Key: ASTERISK-28970
URL: https://issues.asterisk.org/jira/browse/ASTERISK-28970
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Documentation
Affects Versions: 16.9.0
Reporter: Yunus AYDIN
Description
I found REFLECTED XSS in asterisk.com.
Steps to reproduce
Using any browser (except IE), go to
https://issues.asterisk.org/jira/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=fadeZoom&random=false
You'll see an alert box with your cookie.
I was able to confirm the XSS works in Firefox, Chrome and Opera so the payload successfully bypasses the Chrome XSS filter since the reflection point is directly in a javascript.
Impact
As you know, with a reflected XSS, a malicious user could trick a user into browsing to a URL which would trigger the XSS and steal the user's cookie, capture keyboard strokes, etc and eventually take over a user's account.
Thanks,
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list