Mercurial > hg > orthanc-tests
comparison Database/2017-06-27-XSSInjection.txt @ 110:4a8df7a0d0b9
sample file to test XSS inside DICOM in Orthanc Explorer
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Tue, 27 Jun 2017 17:55:19 +0200 |
109:5b6812f8cc38 | 110:4a8df7a0d0b9 |
---|---|
1 Stored Cross Site Scripting (XSS) | |
2 --------------------------------- | |
3 | |
4 - Application: Orthanc (1.2.0) | |
5 - Researcher: Victor Pasnkel (Morphus Labs) | |
6 - XSS inside DICOM file (metadata) | |
7 - File can be uploaded to the Web application | |
8 - Tested on: OSX El Capitan (10.11.6) | |
9 | |
10 Source: | |
11 https://drive.google.com/open?id=0B5BZfMPc1T-Ib004SExMZXFNSDg | |
12 | |
13 | |
14 Generation of sample file | |
15 ------------------------- | |
16 | |
17 # cp DummyCT.dcm 2017-06-27-XSSInjection.dcm | |
18 # dcmodify -m 'PatientName=HelloWorld<script>alert("XSS inside DICOM file 1");</script>' \ | |
19 -m 'StudyDescription=MyStudy<script>alert("XSS inside DICOM file 2");</script>' \ | |
20 -m 'SeriesDescription=MySeries<script>alert("XSS inside DICOM file 3");</script>' \ | |
21 2017-06-27-XSSInjection.dcm |
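
Review bot: The generation recipe at lines 17-21 does not say what a passing result looks like; the file names the affected version (Orthanc 1.2.0) but not the behaviour expected once the issue is fixed. Suggest adding a line stating that Orthanc Explorer should display the PatientName, StudyDescription and SeriesDescription values as literal text and that none of the three alert dialogs should appear, so the sample can serve as a regression check. Two smaller points: dcmodify keeps a .bak copy of the file it modifies unless it is run with --no-backup, so the recipe as written leaves 2017-06-27-XSSInjection.dcm.bak next to the sample; and the Source entry at line 11 is an external Google Drive link that may not stay reachable, so a short summary of the report in this file would help future readers.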