Open-Xchange: Referer in /servlet/TestServlet

2018-04-25T03:04:29
ID H1:342976
Type hackerone
Reporter secator
Modified 2020-01-24T11:45:49

Description

Hi.

The Referer URL is not encoded in https://sandbox.open-xchange.com/servlet/TestServlet. You check for <script></script>, but I think you just need to replace < with &lt; in all content.

Auth in OX && go to Automatic redirect to Sandbox: http://secator.com/ox/referer.html?&lt;script/src=/appsuite/api/files/alert.json?action=document&folder=10&id=10%2F215&delivery=view&gt;&lt;/script/&gt;

Steps

1. Upload a file
2. Change the mimetype to {"file":{"file_mimetype":"text/x-javascript"}}
3. Share to All (or Link, but then you need to insert an iframe, same as in #342585)
4. Make a URL with any HTML/JS code with this link

{F290119}

Impact

malicious code injection
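
The following is an added example, not part of the original report and not Open-Xchange code. It contrasts a tag blacklist with output encoding of a reflected Referer value, the fix the reporter suggests. `blacklistFilter` is a hypothetical stand-in, since the report does not show the actual TestServlet check, and the Referer values are constructed with a placeholder script path.

```java
import java.util.regex.Pattern;

public class RefererEncodingDemo {
    // Hypothetical blacklist: strips only a literal <script>...</script> pair.
    // The real TestServlet check is not shown in the report; this is an assumption.
    private static final Pattern SCRIPT_PAIR =
        Pattern.compile("<script>.*?</script>", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    static String blacklistFilter(String value) {
        return SCRIPT_PAIR.matcher(value).replaceAll("");
    }

    // Output encoding for HTML element content and quoted attribute values.
    // Every markup-significant character is replaced, so no tag variant can survive.
    static String htmlEncode(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed Referer values; the second mirrors the tag shape used in the report.
        String[] referers = {
            "http://example.test/referer.html?<script>x</script>",
            "http://example.test/referer.html?<script/src=/placeholder.js></script/>",
        };
        for (String referer : referers) {
            String filtered = blacklistFilter(referer);
            String encoded = htmlEncode(referer);
            System.out.println("input     : " + referer);
            System.out.println("blacklist : " + filtered
                + (filtered.contains("<") ? "   [markup survives]" : "   [stripped]"));
            System.out.println("encoded   : " + encoded
                + (encoded.contains("<") ? "   [markup survives]" : "   [inert text]"));
        }
    }
}
```

The encoder must be applied at the point where the header value is written into the HTML response, not when the request is received, so that every reflected copy of the value is covered.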