GeoNetwork - Geographic Metadata Catalog


User Reviews


    Session hijacking in GeoNetwork 3.2.1

    The Functionality: The application's sign out function updates the catalog search page by removing user information, generates a new JSESSIONID token (probably because it destroys the previous session), and reports its value in the URL.

    The Assumption: The jsessionid = C5AAC77B7F211548F5FD1D5ABE504BC5 excerpt in the URL suggests that session management is based on the typical JSESSIONID token of the Apache Tomcat web server.

    The Attack: Using brute-force techniques, arbitrary values were injected into the JSESSIONID cookie until the value matched the JSESSIONID of a profile authenticated at that time, and the system granted the attacker access as if it were the legitimate user, with the same permissions.

    Control bypassing in GeoNetwork 3.2.1

    The Functionality: The system has several levels of permission, among which Registered User is the most basic. In our configuration, a registered user cannot change their own registration, and to guarantee this restriction, when the person clicks on their own name at the top of the page requesting the link to change their profile (/srv/eng/admin.console#/Organization/users?UserOrGroup=username), the system loads the page but redirects it to the catalog search (catalog.search).

    The Assumption: Because the system renders the page, presumably the redirection control is in the client-side JavaScript API, so it is possible to stop that redirection and fill out the form as we see fit.

    The Attack: The redirect to the search page was stopped and the record opened. When the form was rendered, the permission fields in the groups section were locked. When saving, the JSON package carrying the data was tampered with, making the Registered User an administrator of several available groups, and the system did not block this change at any point.

    Posted 06/21/2017
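The second issue in the review above (privilege fields locked only in the browser form, then changed in the submitted JSON) is mitigated by deciding authorization on the server from the session, never from the form. The following is an added illustration in Python and not GeoNetwork's code; the profile names, field names, group layout and the apply_profile_update() / update_is_rejected() functions are assumptions chosen to mirror the review's description.

```python
# Added example (not GeoNetwork code): the server re-checks who may change
# privilege fields, regardless of what the client form locked. Field and
# profile names below are assumptions mirroring the review, not a real schema.

# Fields any user may change on their own record (assumed).
SELF_EDITABLE = {"name", "surname", "email"}
# Fields that carry privileges; only an Administrator may alter them (assumed).
PRIVILEGE_FIELDS = {"profile", "groups"}


class Forbidden(Exception):
    """Raised when the caller attempts a change their session does not permit."""


def apply_profile_update(session_user, stored_user, payload):
    """Apply `payload` (the JSON the browser sent) to `stored_user`.

    Authorization comes from the server-side session (`session_user`), never
    from the form: a field locked in the client is not a security control.
    Returns the updated record, or raises Forbidden.
    """
    is_admin = session_user["profile"] == "Administrator"
    if not is_admin and session_user["id"] != stored_user["id"]:
        raise Forbidden("registered users may only edit their own record")

    updated = dict(stored_user)
    for field, value in payload.items():
        if field in PRIVILEGE_FIELDS:
            # Re-check the lock here: a tampered JSON package that alters the
            # profile or group privileges is rejected for non-administrators.
            if not is_admin and value != stored_user.get(field):
                raise Forbidden(f"changing {field!r} requires Administrator")
            updated[field] = value
        elif field in SELF_EDITABLE:
            updated[field] = value
        else:
            raise Forbidden(f"unknown or read-only field {field!r}")
    return updated


def update_is_rejected(session_user, stored_user, payload):
    """True if the update would be refused; useful for tests and audit logging."""
    try:
        apply_profile_update(session_user, stored_user, payload)
    except Forbidden:
        return True
    return False
```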

    Did anyone actually test this in Windows 7? It does not install correctly and will not run. Disappointing and a waste of time.

    Posted 04/01/2011
