GowthamChandrasekar-2516 asked:

Security threat

We have security threats as below.

Issue detail
The application may be vulnerable to DOM-based open redirection. Data is read from location.pathname and passed to xhr.send.

Dynamic analysis
Data is read from location.pathname and passed to xhr.send.
The following value was injected into the source:
///Default.aspx//tee3zvbzw3%27%22%60'%22/tee3zvbzw3/%3E%3Ctee3zvbzw3//%3Eka2alcq1qv&;

The stack trace at the source was:
at Object.RwPgE (<anonymous>:1:793178)
at Object.get pathname [as pathname] (<anonymous>:1:800428)
at new Pr (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:101847)
at new Mr (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:104615)
at Or.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:105539)
at Array.<anonymous> (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:17541)
at Function.ae.arrForEach (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:4223)
at st (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:17514)
at St.o.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:20794)
at Object.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:10306)
at St.n.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:22025)
at St.r as initialize
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:123809
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at ya.loadAppInsights (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:123643)
at Function.Ia.getAppInsights (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:126383)
at t (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:126866)
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:127322
The stack trace at the sink was:
at Object.efGJl (<anonymous>:1:811973)
at Object.IQlSq (<anonymous>:1:833965)
at XMLHttpRequest._0x38c034.XMLHttpRequest.<computed> [as send] (<anonymous>:1:835049)
at Cr.u as _sender
at Cr.c.triggerSend (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:94962)
at Cr.r as triggerSend
at Arguments.<anonymous> (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:89405)
at <anonymous>:1:863858
at d (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:89381)
at Cr.c.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:93776)
at Cr.r as processTelemetry
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14948
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at Xe.a.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14796)
at Na.c.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16388)
at Array.<anonymous> (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:18384)
at ae.arrForEach (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:4223)
at gt.o.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:18327)
at gt.r as processTelemetry
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14948
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at Xe.a.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14796)
at Na.c.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16388)
at ki.a.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16845)
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:63329
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at ki.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:62885)
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14948
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at Xe.a.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14796)

Issue detail
The application may be vulnerable to DOM-based HTML5 storage manipulation. Data is read from location.pathname and passed to sessionStorage.setItem.value.

Dynamic analysis
Data is read from location.pathname and passed to sessionStorage.setItem.value.
The following value was injected into the source:
/////v2z4d9hw7h%27%22%60'%22/v2z4d9hw7h/%3E%3Cv2z4d9hw7h//%3Eh17pkkaksj&

The stack trace at the source was:
at Object.RwPgE (<anonymous>:1:793178)
at Object.get pathname [as pathname] (<anonymous>:1:800428)
at new Pr (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:101847)
at new Mr (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:104615)
at Or.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:105539)
at Array.<anonymous> (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:17541)
at Function.ae.arrForEach (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:4223)
at st (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:17514)
at St.o.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:20794)
at Object.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:10306)
at St.n.initialize (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:22025)
at St.r as initialize
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:123809
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at ya.loadAppInsights (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:123643)
at Function.Ia.getAppInsights (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:126383)
at t (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:126866)
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:127322
The stack trace at the sink was:
at Object.uWMOe (<anonymous>:1:343194)
at Object.oHxXC (<anonymous>:1:830833)
at Storage.setItem (<anonymous>:1:831832)
at Function.qt.setSessionStorage (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:29814)
at a (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:75074)
at Ui.e.enqueue (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:75588)
at Ui.r as enqueue
at Cr.c.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:93765)
at Cr.r as processTelemetry
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14948
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at Xe.a.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14796)
at Na.c.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16388)
at Array.<anonymous> (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:18384)
at ae.arrForEach (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:4223)
at gt.o.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:18327)
at gt.r as processTelemetry
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14948
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at Xe.a.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14796)
at Na.c.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16388)
at ki.a.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16845)
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:63329
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at ki.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:62885)
at https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14948
at Ke (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14501)
at Xe.a.processTelemetry (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:14796)
at Na.c.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16388)
at pa.a.processNext (https://js.monitor.azure.com/scripts/b/ai.2.min.js:5:16845)

Please let us know how we can resolve it.

azure-monitor

Are you using an Azure tool for this? That message appears to come from a third-party "Burp scanner" security tool.


Yes. Report generated by Burp Suite web vulnerability scanner v2020.12.1, at Wed Feb 03 08:50:18 EET 2021.


1 Answer

SwathiDhanwada-MSFT answered:

@GowthamChandrasekar-2516 Here is a blog post which explains DOM-based open redirection and how it can be remediated. Kindly check if it helps.

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.



Hi, after setting both isCookieUseDisabled and isStorageUseDisabled to true, the scanner did not report any issues.

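The two Burp findings in the question and the config change in the last comment, as an added example that is not code from the question, the answer, or the Application Insights JavaScript SDK. It is a simplified model of the two reported flows (location.pathname into sessionStorage.setItem, and location.pathname into xhr.send) with just enough of the SDK's shape to show what the flags named in the thread change. The names FakeStorage, FakeXhr, buildPageView, TelemetryBuffer, runFlow, aiStorageKeys, the storage key "AI_buffer" and the placeholder instrumentation key are illustrative assumptions; isStorageUseDisabled and isCookieUseDisabled are the config keys the thread itself names.

```javascript
// Added example for this thread: a model of the two reported source-to-sink flows.
// Not SDK code. Illustrative names: FakeStorage, FakeXhr, buildPageView,
// TelemetryBuffer, runFlow, aiStorageKeys, storage key "AI_buffer".

// Constructed input: the value Burp injected into location.pathname in the first finding.
const BURP_PATHNAME =
  "///Default.aspx//tee3zvbzw3%27%22%60'%22/tee3zvbzw3/%3E%3Ctee3zvbzw3//%3Eka2alcq1qv&;";

// Config objects of the shape passed to the SDK snippet. The instrumentation key is a placeholder.
const DEFAULT_CONFIG = { instrumentationKey: "00000000-0000-0000-0000-000000000000" };
const HARDENED_CONFIG = {
  instrumentationKey: "00000000-0000-0000-0000-000000000000",
  isStorageUseDisabled: true, // the flag from the last comment: no storage buffering of telemetry
  isCookieUseDisabled: true,  // the other flag from the last comment: no SDK cookies
};

// In-memory stand-in for window.sessionStorage so the model also runs under Node.
class FakeStorage {
  constructor() { this.map = new Map(); }
  getItem(key) { return this.map.has(key) ? this.map.get(key) : null; }
  setItem(key, value) { this.map.set(key, String(value)); }
  removeItem(key) { this.map.delete(key); }
  keys() { return Array.from(this.map.keys()); }
}

// In-memory stand-in for XMLHttpRequest; records every body handed to send().
class FakeXhr {
  constructor() { this.sentBodies = []; }
  send(body) { this.sentBodies.push(body); }
}

// Source: a page-view item is built from the current location. The pathname becomes a
// string field of the telemetry item; nothing is navigated to and nothing reaches the DOM.
function buildPageView(loc) {
  return { name: "PageView", data: { uri: loc.pathname } };
}

class TelemetryBuffer {
  constructor(config, storage) {
    this.config = config;
    this.storage = storage;
    this.items = [];
  }
  // Sink from the second finding: sessionStorage.setItem(...). Skipped entirely when
  // isStorageUseDisabled is true, which is why that finding goes away.
  enqueue(item) {
    this.items.push(JSON.stringify(item));
    if (!this.config.isStorageUseDisabled) {
      this.storage.setItem("AI_buffer", JSON.stringify(this.items));
    }
  }
  // Sink from the first finding: xhr.send(body). The body is a line-delimited JSON batch;
  // the pathname travels inside it as a JSON-escaped string, i.e. as data.
  flush(xhr) {
    if (this.items.length === 0) return null;
    const body = this.items.join("\n");
    xhr.send(body);
    this.items = [];
    if (!this.config.isStorageUseDisabled) this.storage.removeItem("AI_buffer");
    return body;
  }
}

// Check to run in the browser console after deploying the config; the equivalent there is
// Object.keys(sessionStorage).filter(k => k.startsWith("AI_")), which should be empty.
function aiStorageKeys(storage) {
  return storage.keys().filter((k) => k.startsWith("AI_"));
}

// Runs the modelled flow once and reports what each sink observed.
function runFlow(config, pathname) {
  const storage = new FakeStorage();
  const xhr = new FakeXhr();
  const buffer = new TelemetryBuffer(config, storage);
  buffer.enqueue(buildPageView({ pathname }));
  const storedBeforeFlush = storage.getItem("AI_buffer");
  const body = buffer.flush(xhr);
  return { storedBeforeFlush, body, xhrBodies: xhr.sentBodies, remainingKeys: aiStorageKeys(storage) };
}

const before = runFlow(DEFAULT_CONFIG, BURP_PATHNAME);
const after = runFlow(HARDENED_CONFIG, BURP_PATHNAME);
console.log("default config wrote to sessionStorage:", before.storedBeforeFlush !== null);
console.log("hardened config wrote to sessionStorage:", after.storedBeforeFlush !== null);
console.log("xhr body still carries the pathname as JSON data:",
  JSON.parse(after.body).data.uri === BURP_PATHNAME);
```

Two things worth noticing when reading the output. First, the flags remove the storage sink but not the xhr.send one: sending the page URL is what page-view telemetry is for, and in this model the pathname still leaves in the request body, JSON-escaped, for the collector to parse as data. Second, Burp's wording "may be vulnerable" marks a source-to-sink flow its dynamic analysis could not confirm; xhr.send is a data sink rather than a navigation sink, so the "open redirection" label describes the taint-tracking category, not an observed redirect. Both findings are therefore informational unless the application itself reads the buffered telemetry back and feeds it into a DOM or URL sink, which is the condition to check before accepting the flags alone as the fix.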