[CKAN-Security] Fwd: Re: Vulnerabilities reported on OpenBugBounty.org

Adrià Mercader amercadero at gmail.com
Fri Sep 15 06:41:40 UTC 2017


---------- Forwarded message ----------
From: "Cameron Dawe" <admin at spam404.com>
Date: 15 Sep 2017 4:18 am
Subject: Re: Vulnerabilities reported on OpenBugBounty.org
To: "Adrià Mercader" <amercadero at gmail.com>
Cc:

Hey Adrià,

Thanks for reaching out so quickly. I would be delighted to share the
technical details with you.

I found a reflected cross-site scripting vulnerability in the following
file, api_info.html, specifically in the `datastore_root_url` parameter.

For the example OBB report you provided I'll provide the PoC URL to give
you an idea of how this would be exploited (please test using Chrome or
Firefox) -
opendatani.gov.uk - https://www.opendatani.gov.uk/api/1/util/snippet/api_info.html?resource_id=0195d6db-b1c8-4a2a-b451-36bc4eeb9361&datastore_root_url=javascript:alert(/XSS/)//

To trigger, simply click on any of the hyperlinks beginning with
"javascript:alert" and it will invoke an alert box with the text "XSS".

I found this while participating in the following bug bounty program -
https://hackerone.com/tts. I thought I'd mention that as it's likely TTS
will reach out to you guys with vulnerability details also.

I hope this helps and I look forward to hearing from you soon Adrià.

Kindest Regards,

Cameron

Spam404.com
------------------------------
*From:* Adrià Mercader <amercadero at gmail.com>
*Sent:* 14 September 2017 15:35
*To:* admin at spam404.com
*Subject:* Vulnerabilities reported on OpenBugBounty.org

Hi,

My name is Adrià Mercader and I'm one of the maintainers of CKAN, the open
source software that powers all the sites that you reported today on
OpenBugBounty (eg https://www.openbugbounty.org/reports/294186/)

CKAN version check on all sites: https://www.opendatani.gov.uk/api/action/status_show
CKAN repository: https://github.com/ckan/ckan
My profile on Github (including this email address): https://github.com/amercader
My contributions to the repo: https://github.com/ckan/ckan/graphs/contributors
Example commit made by myself: https://github.com/ckan/ckan/commit/96e5e80b35a68ede1f8f2b151e8d49b318b461f1.patch
Listed as part of the technical team in the project site:
https://ckan.org/about/technical-team/

First of all, thanks a lot for reporting the issue responsibly and giving us
time to warn the administrators to patch their sites. We have patched XSS
related issues recently and included them in our latest security releases,
so we would like to confirm whether this particular issue has been covered or
whether we need to prepare new patches.

Would you mind sharing the details of the vulnerability so we can act as
soon as possible?

I'm happy to give any further confirmation that you require.

Many thanks,

Adrià
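
Added example, not part of the original thread and not CKAN's actual patch: the report above describes a request parameter (`datastore_root_url`) being reflected into hyperlink targets, where HTML escaping alone does not help because a `javascript:` URL contains no characters that escaping changes. The sketch below shows one way to validate such a parameter against an http(s) allowlist before rendering; `safe_root_url`, `render_example_link`, `DEFAULT_ROOT` and the `ckan.example` host are hypothetical names chosen for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical fallback; a real deployment would use its configured site URL.
DEFAULT_ROOT = "https://ckan.example/api/3/action"


def safe_root_url(value, fallback=DEFAULT_ROOT):
    """Return `value` only if it is an absolute http(s) URL, else `fallback`."""
    if not value:
        return fallback
    # Browsers ignore tabs/newlines inside a scheme and strip leading
    # control characters, so reject any whitespace or control byte outright.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in value):
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return fallback
    # Require an allowlisted scheme and a host; this also rejects
    # scheme-relative ("//host/...") and scheme-only ("https:foo") values.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return fallback
    return value


def render_example_link(root_url, resource_id):
    """Build the anchor tag: validate the scheme first, then HTML-escape."""
    href = "%s/datastore_search?resource_id=%s" % (
        safe_root_url(root_url), resource_id)
    return '<a href="%s">Query example</a>' % html.escape(href, quote=True)
```

The scheme check and the attribute escaping address different problems, so both are applied: escaping stops attribute breakout, the allowlist stops script-bearing URL schemes.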