It's not great to leak internal implementation details of your
application out like this, and it may be that someone more skilled at
exploiting things like this could find one.
Michael Della Bitta
Appinions | 18 East 41st St., Suite 1806 | New York
I haven't spent time trying anything, just entered a query and noticed
that it showed up in the page source view.
If they really escape everything, it is not that dangerous?
Actually, I don't want to try anything with their page;
they might not have any sense of humor ;-)
Bernd
On 22.08.2012 15:41,
Actually, I'm having a little trouble coming up with a
proof-of-concept exploit for this... it doesn't seem like Solr is
exposed directly, and it does seem like it's escaping submitted
content before redisplaying it on the page.
I'm not crazy about leaking the raw query string into the HTML, but I
Ouch, not to mention the potential for XSS.
I'll see if I can get in touch with someone.
Michael Della Bitta
Appinions | 18 East 41st St., Suite 1806 | New York, NY 10017
www.appinions.com
Where Influence Isn’t a Game
On Wed, Aug 22, 2012 at 3:4
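As an added example that is not part of this thread and not code from the site being discussed, here is the point behind the "if they really escape everything" question above: HTML-escaping the reflected query string is enough for element text, but the same escaped value is still dangerous in an unquoted attribute or in a URL. A naive template is shown beside a hardened one; the page layout, the `/search?q=` path, the attribute tokenizer and all attacker inputs are invented for illustration.

```javascript
// Added example, not code from the thread or from the site it discusses.
// Same HTML-escaped query string, three output contexts: element text,
// an unquoted attribute value, and an href. Page structure is invented.

const htmlEscape = (s) =>
  String(s).replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));

// Naive template: HTML-escapes q once and reuses it everywhere.
function renderNaive(q) {
  const e = htmlEscape(q);
  return [
    `<p>Results for ${e}</p>`,
    `<input name=q value=${e}>`,    // unquoted attribute value
    `<a href="${e}">permalink</a>`, // user input used directly as a URL
  ].join('\n');
}

// Hardened template: quote every attribute, and build the link from a
// fixed path plus a percent-encoded parameter instead of trusting q as a URL.
function renderSafe(q) {
  const e = htmlEscape(q);
  return [
    `<p>Results for ${e}</p>`,
    `<input name="q" value="${e}">`,
    `<a href="/search?q=${encodeURIComponent(q)}">permalink</a>`,
  ].join('\n');
}

// Rough model of how a browser tokenizes a start tag: an unquoted value
// ends at the first whitespace, so whatever follows becomes a new attribute.
// Returns the attribute names found in the tag, in order.
function attributeNames(tag) {
  const names = [];
  const re = /\s([A-Za-z_:][-\w:.]*)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  const inner = tag.replace(/^<[A-Za-z][^\s>]*/, '').replace(/\/?>$/, '');
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Pull the <input ...> tag out of rendered HTML so it can be inspected.
function inputTag(html) {
  const m = html.match(/<input[^>]*>/);
  return m ? m[0] : '';
}

// The href value of the first <a> tag in the rendered HTML.
function hrefOf(html) {
  const m = html.match(/<a href="([^"]*)"/);
  return m ? m[1] : '';
}

// Constructed attacker inputs. The first two contain no & < > " ' at all,
// so htmlEscape leaves them exactly as typed.
const ATTR_PAYLOAD = 'x onmouseover=alert(1)';
const URL_PAYLOAD = 'javascript:alert(1)';
const TAG_PAYLOAD = '<img src=x onerror=alert(1)>';

if (typeof require !== 'undefined' && require.main === module) {
  for (const q of [ATTR_PAYLOAD, URL_PAYLOAD, TAG_PAYLOAD]) {
    console.log('input:', JSON.stringify(q));
    console.log('  naive attrs:', attributeNames(inputTag(renderNaive(q))),
                'href:', hrefOf(renderNaive(q)));
    console.log('  safe  attrs:', attributeNames(inputTag(renderSafe(q))),
                'href:', hrefOf(renderSafe(q)));
  }
}
```

Note that even the angle-bracket payload, once escaped, still plants `src` and `onerror` attributes in the naive `<input>` tag, because the space inside the value ends the unquoted attribute; escaping `<` and `>` protects the text context only. Escaping has to be chosen per output context, and a URL built from user input needs an allowlisted scheme or, as here, a fixed path with the input as an encoded parameter.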
Now this is very scary: while searching for "solr direct access per docid" I
got a hit from the US Homeland Security Digital Library. Interested in what
they had to tell me about my search, I clicked on the link to the page. At
first the page had nothing unusual about it, but why did I get the hit?
http://