Bug 421700

Summary: Reflected XSS - https://dev.eclipse.org/portal/myfoundation/tests/explore.php
Product: Community
Reporter: Jamieson O'Reilly <jamiesonoreilly>
Component: Project Management & Portal
Assignee: Portal Bugzilla Dummy Inbox <portal-inbox>
Status: RESOLVED FIXED
QA Contact:
Severity: major
Priority: P3
CC: contact, denis.roy, nobody, wayne.beaton
Version: unspecified
Keywords: security
Target Milestone: ---
Hardware: All
OS: All
Whiteboard:
Attachments:
Screen Shot of XSS (flags: none)

Description Jamieson O'Reilly CLA 2013-11-14 00:39:19 EST
Created attachment 237457 [details]
Screen Shot of XSS

The dev.eclipse.org/portal/myfoundation/tests/explore.php file is vulnerable to reflected cross-site scripting attacks that would allow a malicious user to steal authentication cookies with user interaction.

Proof of Concept URL: 

https://dev.eclipse.org/portal/myfoundation/tests/explore.php?component=anonymous_forms/anonymous_forms&class=%22%3Cimg%20src=x%20onerror=alert%28document.cookie%29%20%3E
Comment 1 Jamieson O'Reilly CLA 2013-11-14 00:43:57 EST
Tested and working in Firefox 20.0

Not working in Chrome/IE
Comment 2 Denis Roy CLA 2013-11-14 09:03:53 EST
Matt, Wayne, since the Portal is deprecated, can we just remove or otherwise block this file?

If altering the code and rebuilding the Portal is too much of a hassle, I'm open to adding an Apache rewrite to send a 403 Forbidden for that URI.
Comment 3 Wayne Beaton CLA 2013-11-14 11:27:50 EST
I'll investigate
Comment 4 Wayne Beaton CLA 2013-11-14 12:38:23 EST
I decided that the cost of fixing the problem outweighed the benefit of maintaining the page. I've replaced the dynamic content with a static message.
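
A log triage check for requests shaped like the proof of concept in the description, added here as an example (it is not part of the original report or the Portal's code). It assumes Apache combined-format access logs; the log lines, IP addresses and the benign `class` value are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path taken from the bug report; everything else here is an assumption.
TARGET_PATH = "/portal/myfoundation/tests/explore.php"
# Characters that can open a tag or close an attribute when reflected unencoded.
MARKUP = re.compile(r"[<>\"'`]")
# Leading fields of an Apache combined-format log line (assumed log format).
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})'
)

def suspicious_params(request_target):
    """Return {name: decoded value} for query parameters carrying markup characters."""
    parts = urlsplit(request_target)
    if parts.path != TARGET_PATH:
        return {}
    # parse_qsl percent-decodes, so %22%3Cimg is matched as "<img.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return {name: value for name, value in pairs if MARKUP.search(value)}

def triage(log_lines):
    """Yield (client, timestamp, status, flagged params) for each request worth review."""
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, when, target, status = m.groups()
        flagged = suspicious_params(target)
        if flagged:
            yield client, when, int(status), flagged

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Nov/2013:00:30:01 -0500] "GET /portal/myfoundation/tests/explore.php'
    '?component=anonymous_forms/anonymous_forms&class=AnonymousForm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Nov/2013:00:39:19 -0500] "GET /portal/myfoundation/tests/explore.php'
    '?component=anonymous_forms/anonymous_forms'
    '&class=%22%3Cimg%20src=x%20onerror=alert%28document.cookie%29%20%3E HTTP/1.1" 200 5188',
    '203.0.113.4 - - [14/Nov/2013:01:02:03 -0500] "GET /portal/index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request only shows the page was served; whether the value was reflected unencoded has to be confirmed against the response body or the code.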