DSpace 5.x suffers from several vulnerabilities, including XSS and Path Traversal.

Exploit Title: DSpace Multiple Vulnerabilities

Date: 3/2/2015
Exploit Author: Khalil Shreateh
Software Link: http://demo.dspace.org/
Version: DSpace <= 5.0
Tested on: Windows 7
"DSpace open source software is a turnkey repository application used by more than 1000+ organizations and institutions worldwide to provide durable access to digital resources."

XMLUI (Cocoon/XSLT) - The XML / XSLT / Cocoon user interface

This version suffers from a Path Traversal vulnerability. To exploit this vulnerability I used double encoding for the dot (.),

so the ../ will be %252e%252e/
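
As an added example (not part of the original advisory and not DSpace's own code), the Python below shows why a filter that percent-decodes only once misses the %252e%252e/ form, and how decoding to a fixed point catches it. The request paths, the function names and the five-round limit are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumption: deeper nesting than this is treated as hostile

def fully_decode(value, max_rounds=MAX_ROUNDS):
    """Percent-decode until the value stops changing; return (value, rounds)."""
    rounds = 0
    while True:
        decoded = unquote(value)
        if decoded == value:
            return value, rounds
        rounds += 1
        if rounds > max_rounds:
            raise ValueError("too many encoding layers")
        value = decoded

def has_dotdot(path):
    """True if any path segment (split on slash or backslash) is exactly '..'."""
    return ".." in re.split(r"[/\\]", path)

def naive_check(path):
    """A filter that decodes once: %252e%252e only becomes %2e%2e, so it passes."""
    return has_dotdot(unquote(path))

def traversal_layers(path):
    """Return None for a clean path, else the number of decoding rounds needed
    before a '..' segment appears (0 = literal, 1 = encoded, 2 = double-encoded)."""
    try:
        decoded, rounds = fully_decode(path)
    except ValueError:
        return MAX_ROUNDS + 1  # never stabilised: flag it
    return rounds if has_dotdot(decoded) else None

SAMPLE_REQUESTS = [  # constructed request paths, not taken from a real log
    "/app/static/style.css",
    "/app/static/../secret.txt",
    "/app/static/%2e%2e/secret.txt",
    "/app/static/%252e%252e/secret.txt",
    "/app/files/report..final.pdf",
]

def scan(requests):
    """Return (path, layers) for every request that resolves to a '..' segment."""
    return [(p, n) for p in requests if (n := traversal_layers(p)) is not None]

if __name__ == "__main__":
    for path, layers in scan(SAMPLE_REQUESTS):
        print(f"layers={layers} missed_by_single_decode={not naive_check(path)} {path}")
```

The same fixed-point decoding belongs in front of any file lookup, followed by a check that the resolved path is still inside the intended base directory.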

POC : 


JSPUI (JSP) - traditional JSP-based interface 

A. Path Traversal Vulnerability

The first vulnerability in this version allows reading files on the server.

POC : 

B. Cross Site Scripting (XSS) Vulnerability

The second vulnerability in this version allows an attacker to execute arbitrary commands and display arbitrary content in a victim user's browser.

The vulnerability exists in several variables:

- filtertype

- filter_type_1

- filtername

- filter_field_1

None of the above variables are sanitized correctly.



DSpace team announcement article: