[CKAN-Security] Security issue : Cross Site Scripting Attack (XSS) via fileupload

Ajay Srivastava ajsrivastava1990 at gmail.com
Sat Jun 20 18:31:32 UTC 2015


# Exploit Title: Cross Site Scripting Attack (XSS) via fileupload
# Vulnerability Type : Stored XSS via file upload
# Severity : High

### Description ###

CKAN has "Add dataset" functionality which uses file upload to upload
files. The file being uploaded is not validated on the server side for
restricted content types. It is possible to upload an HTML file
containing malicious JavaScript code, which an attacker can use to
steal the cookie of a logged-in user and much more.

### Proof of Concept ###

Screenshot attached.

### Solution ###

It is recommended to check the file extension, the content-type and, if
possible, the content of the uploaded files in the server-side code.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ckanXSS.png
Type: image/png
Size: 140827 bytes
Desc: not available
URL: <https://lists.okfn.org/mailman/private/security/attachments/20150621/9b93d753/attachment.png>
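
The server-side checks recommended in the Solution section above (extension, content-type, content), as an added example that is not part of the original message and not CKAN's own code. The allowlist, function names and sample inputs are assumptions; download_headers() goes one step beyond the message by showing how a stored upload can be served so that a browser downloads it instead of rendering it.

```python
import os
import re

# Hypothetical allowlist: extension -> acceptable declared Content-Types.
ALLOWED = {
    ".csv": {"text/csv", "application/csv", "text/plain"},
    ".json": {"application/json"},
    ".pdf": {"application/pdf"},
    ".png": {"image/png"},
}
# Leading magic bytes for the binary formats in the allowlist.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n"}
# Tags a browser could treat as active content if the file is rendered as HTML.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(!doctype|html|script|iframe|svg|body|img|object|embed)\b", re.I)


def validate_upload(filename, declared_type, head):
    """Return (ok, reason); `head` is the first bytes of the uploaded file."""
    name = os.path.basename(filename.replace("\\", "/")).lower()
    ext = os.path.splitext(name)[1]
    if ext not in ALLOWED:
        return False, "extension not allowed"
    mime = declared_type.split(";", 1)[0].strip().lower()
    if mime not in ALLOWED[ext]:
        return False, "content-type does not match extension"
    if ext in MAGIC:
        if not head.startswith(MAGIC[ext]):
            return False, "content does not match extension"
    elif b"\x00" in head or ACTIVE_MARKUP.search(head):
        # Deliberately strict: text data containing HTML tags is rejected too.
        return False, "text upload contains active markup or binary data"
    return True, "ok"


def download_headers(filename):
    """Response headers that stop a stored upload from rendering inline."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": 'attachment; filename="%s"' % safe,
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed sample uploads: (filename, declared type, first bytes).
    for sample in [("data.csv", "text/csv", b"id,name\n1,a\n"),
                   ("page.html", "text/html", b"<html><body>x</body></html>"),
                   ("report.csv", "text/csv", b"<script>/* sample */</script>")]:
        print(sample[0], validate_upload(*sample))
```
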

