Mercurial > hg > orthanc-tests

annotate Database/2017-06-27-XSSInjection.txt @ 205:42e4c00fe7c8 Orthanc-1.5.2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix
author Sebastien Jodogne <s.jodogne@gmail.com>
date Fri, 18 Jan 2019 19:11:20 +0100
parents 4a8df7a0d0b9
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
110
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
1 Stored Cross Site Scripting (XSS)
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
2 ---------------------------------
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 - Application: Orthanc (1.2.0)
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
5 - Researcher: Victor Pasnkel (Morphus Labs)
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6 - XSS inside DICOM file (metadata)
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 - File can be uploaded to the Web application
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 - Tested on: OSX El Capitan (10.11.6)
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 Source:
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11 https://drive.google.com/open?id=0B5BZfMPc1T-Ib004SExMZXFNSDg
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14 Generation of sample file
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 -------------------------
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
17 # cp DummyCT.dcm 2017-06-27-XSSInjection.dcm
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
18 # dcmodify -m 'PatientName=HelloWorld<script>alert("XSS inside DICOM file 1");</script>' \
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19 -m 'StudyDescription=MyStudy<script>alert("XSS inside DICOM file 2");</script>' \
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 -m 'SeriesDescription=MySeries<script>alert("XSS inside DICOM file 3");</script>' \
4a8df7a0d0b9 sample file to test XSS inside DICOM in Orthanc Explorer
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21 2017-06-27-XSSInjection.dcm