Description
Description
In this case, the attacker can specify the value that enters the program at get() in customizer.js at line 137, and this value is used to access a system resource at get() in customizer.js at line 142.
Explanation:
A resource injection issue occurs when the following two conditions are met:
An attacker can specify the identifier used to access a system resource.
For example, an attacker might be able to specify a port number to be used to connect to a network resource.
By specifying the resource, the attacker gains a capability that would not otherwise be permitted.
For example, the program may give the attacker the ability to transmit sensitive information to a third-party server.
PoC
$http.get(FILES.JSON_THEMES)
.then(function (themeList) {
var promises = [];
var themes = {};
angular.forEach(themeList.data, function(theme) {
var tp = $http.get('/customizer/themes/' + theme + '.json');
tp.then(function (response) {
themes[theme] = response.data;
});
promises.push(tp);
});
Impact
Attackers can control the resource identifier argument to get() at customizer.js line 142, which could enable them to access or modify otherwise protected system resources.
Location
ui-grid/misc/site/js/customizer.js
Line 142 in 4aa2cc5