Weakness: Resource Injection
Severity: Medium
Impact: An attacker would be able to perform phishing, tricking victims into entering information in custom-made malicious fields.
VULNERABILITY FIX:
Step 1: Log in to the server and open the file index.html found at the path below:
Windows Path
\SearchBloxServer\webapps\ROOT\api\index.html
Linux Path
/opt/searchblox/webapps/ROOT/api/index.html
Step 2: Add and update the script tag at line #52 with the JavaScript snippet below:
,
// Leading comma: this plugin entry is appended after the existing entry in the plugins list.
function UrlParamDisablePlugin() {
  return {
    statePlugins: {
      spec: {
        wrapActions: {
          // Remove the ?url parameter from loading an external OpenAPI definition.
          updateUrl: (oriAction) => (payload) => {
            // const url = new URL(window.location.href)
            // if (url.searchParams.has('url')) {
            //   url.searchParams.delete('url')
            //   window.location.replace(url.toString())
            // }
            const wurl = window.location.href
            if (wurl.indexOf("?") !== -1) {
              // Reload the page without its query string so a ?url=... value cannot take effect.
              const wurl1 = wurl.split("?")[0]
              window.location.replace(new URL(wurl1).toString())
            }
            return oriAction(payload)
          }
        }
      }
    }
  }
}
Reference Screenshot:
Step 3: Save the file.
Important Note: Restart is not required.
Reference File Download: https://d2fco3ozzrfhhd.cloudfront.net/swagger/index.html
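The same idea as an added example, not code from the SearchBlox fix above: the plugin is built by a factory that accepts a location-like object, so the query-stripping logic can be exercised outside a browser, and it uses the URL API instead of splitting on "?", which keeps the #fragment intact. The helper names (stripQueryString, makeUrlParamDisablePlugin, simulate) and the sample URLs are assumptions.

```javascript
// Added example (not the page's own snippet): a testable Swagger UI plugin that
// strips the query string (the ?url= resource-injection vector) before the
// spec.updateUrl action runs.

// Return `href` without its query string; the #fragment is preserved.
// Hypothetical helper name.
function stripQueryString(href) {
  const u = new URL(href);
  if (u.search === "") return href; // nothing to strip
  u.search = "";
  return u.toString();
}

// Build the plugin. `loc` defaults to window.location in the browser; tests pass
// a stub with { href, replace } instead. Hypothetical helper name.
function makeUrlParamDisablePlugin(loc) {
  return function UrlParamDisablePlugin() {
    return {
      statePlugins: {
        spec: {
          wrapActions: {
            updateUrl: (oriAction) => (payload) => {
              const target = typeof loc === "undefined" ? window.location : loc;
              const clean = stripQueryString(target.href);
              if (clean !== target.href) {
                target.replace(clean); // reload without ?url=... (or any query)
              }
              return oriAction(payload);
            },
          },
        },
      },
    };
  };
}

// Drive the wrapped action against a stub location and report what happened.
// Hypothetical helper; the payload below is a constructed sample value.
function simulate(href) {
  const calls = [];
  const loc = { href, replace: (u) => calls.push(u) };
  const plugin = makeUrlParamDisablePlugin(loc)();
  const wrapped = plugin.statePlugins.spec.wrapActions.updateUrl((p) => ({ forwarded: p }));
  const result = wrapped("https://example.invalid/openapi.json");
  return { redirectedTo: calls.length ? calls[0] : null, result };
}
```

In the browser it is registered as `plugins: [makeUrlParamDisablePlugin()]` in the SwaggerUIBundle configuration; newer Swagger UI releases also expose a `queryConfigEnabled` option, which should stay at its default of false so query-string configuration overrides are not honoured at all.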