Mercurial > hg > orthanc-tests
annotate Database/2017-06-27-XSSInjection.txt @ 487:18f2d55182fd
more dicom-web tests
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 29 Jun 2022 11:23:33 +0200 |
parents | 4a8df7a0d0b9 |
children |
rev | line source |
---|---|
110
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
1 Stored Cross Site Scripting (XSS) |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
2 --------------------------------- |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
3 |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
4 - Application: Orthanc (1.2.0) |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
5 - Researcher: Victor Pasnkel (Morphus Labs) |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
6 - XSS inside DICOM file (metadata) |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
7 - File can be uploaded to the Web application |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
8 - Tested on: OSX El Capitan (10.11.6) |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
9 |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
10 Source: |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
11 https://drive.google.com/open?id=0B5BZfMPc1T-Ib004SExMZXFNSDg |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
12 |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
13 |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
14 Generation of sample file |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
15 ------------------------- |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
16 |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
17 # cp DummyCT.dcm 2017-06-27-XSSInjection.dcm |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
18 # dcmodify -m 'PatientName=HelloWorld<script>alert("XSS inside DICOM file 1");</script>' \ |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
19 -m 'StudyDescription=MyStudy<script>alert("XSS inside DICOM file 2");</script>' \ |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
20 -m 'SeriesDescription=MySeries<script>alert("XSS inside DICOM file 3");</script>' \ |
4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff
changeset
|
21 2017-06-27-XSSInjection.dcm |