Home > mailing lists

pgAdmin4 1.0-beta3 - XSS in sidebar - Mailing list pgadmin-support

From	Krzysztof O
Subject	pgAdmin4 1.0-beta3 - XSS in sidebar
Date	August 4, 2016 21:05:11
Msg-id	CACC7Kc3zfZ_WigCfULeQ99-XpqYq2q53W6PZ2JtXACGCoybZyQ@mail.gmail.com Whole thread Raw
Responses	Re: pgAdmin4 1.0-beta3 - XSS in sidebar (Ashesh Vashi <ashesh.vashi@enterprisedb.com>)
List	pgadmin-support

Tree view

Hi,

I have created table:
    CREATE TABLE "<h1 onmouseover='alert(1);'>x" (
        id serial
    );

In sidebar I expanded "Tables" and i moved my mouse to table "X". In
that case I received javascript alert.

XSS works when i put malicious code into index name or column name:
    CREATE TABLE a (id serial);
    CREATE INDEX "<h1 onmouseover='alert(1);'>idx" ON a(id);

    CREATE TABLE b ("<h1 onmouseover='alert(1);'>column" serial);


During removal index or table still see JavaScript alert. And last
one, in "Properties" tab.


All chars like <, >, ", '. should be filtered in names of tables,
columns, indexes.

Tested on: Pgadmin4 1.0-beta3, Windows 7 x64, Server: PostgreSQL 9.5.3
on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat
4.8.5-4), 64-bit


Regards,
Krzysztof Otręba

Attachment

pgadmin-support by date:

From: Mahesh Balumuri
Date: 03 August 2016, 15:09:04
Subject: Error while running with apache wsgi

From: Ashesh Vashi
Date: 04 August 2016, 21:09:45
Subject: Re: pgAdmin4 1.0-beta3 - XSS in sidebar

pgAdmin4 1.0-beta3 - XSS in sidebar - Mailing list pgadmin-support

Attachment

Previous

Next