Closed
Bug 1090112
Opened 10 years ago
Closed 10 years ago
File upload
Categories
(www.mozilla.org :: General, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: Hiqureshi012, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141011015303

Steps to reproduce:

This page allows visitors to upload files to the server. Various web applications allow users to upload files (such as pictures, images, sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.

Actual results:

Attack details
Form name: reportForm
Form action: https://www.mozilla.org/en-US/about/legal/fraud-report/
Form method: POST
Form inputs:
csrfmiddlewaretoken [Hidden]
input_url [Text]
input_category [Select]
office_fax [Text]
input_product [Select]
input_specific_product [Text]
input_details [TextArea]
input_attachment [File]
input_attachment_desc [TextArea]
input_email [Text]
submit_form [Submit]

Expected results:

This vulnerability affects /en-US/about/legal/fraud-report. If the uploaded files are not safely checked an attacker may upload malicious files. Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded.
Comment 1•10 years ago
Please don't submit untested reports from vulnerability scanners. They are almost always wrong (such as this case).
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Component: Untriaged → General
Product: Firefox → www.mozilla.org
Resolution: --- → INVALID
Version: 33 Branch → Production