Closed Bug 1012563 Opened 10 years ago Closed 10 years ago

HTML Injection In Wiki.mozilla.org

Categories

(Websites :: wiki.mozilla.org, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: omerbutt26, Unassigned)

References

Details

(Keywords: sec-vector)

Hi,

My name is Omer Iqbal. I am a security researcher. As my previous reports were marked as duplicates, I thought of finding more vulnerabilities.
This time I've found an HTML injection in wiki.mozilla.org.

You can read more about HTML Injection on Wikipedia & OWASP.


Steps To reproduce:

Step 1: Go to Forgot password page (https://wiki.mozilla.org/Special:PasswordReset)

Step 2: Enter any HTML in username box.
Example: <span style="color:green;">HTML INJECTION</span>


You will see HTML INJECTION written in green.


I'll be waiting for your reply :)).
This vulnerability is in MediaWiki (I've also reported it to them).



Thank You,
Omer
Thanks for the report, but if you've already reported it to MediaWiki and the error is in their code, then that is the proper place for this report. If you could provide a bug number or link to the MediaWiki bug, that would be helpful.
Hi, 

They have not replied to me yet, but I'll not share this Bugzilla report because it contains the bug in the Mozilla site.

I reported it here because I thought I would be eligible for a bounty because I found it in a Mozilla site ^_^
Adding Chris to help.
(In reply to Omer Iqbal from comment #2)
> Hi, 
> 
> They have not replied to me yet, but I'll not share this Bugzilla report
> because it contains the bug in the Mozilla site.
> 
> I reported it here because I thought I would be eligible for a bounty because
> I found it in a Mozilla site ^_^

We normally don't pay bounties for third-party software, even if said software is used on our site. However, I have marked this bug for the committee to consider.
Hi Curtis,


Thank You so much for marking the bug, I'll wait for the response :)).
As I responded to Omer directly as well, in this case the username is being parsed as wikitext. So anything you can put into an article can be injected; however, nothing that is disallowed in wikitext is allowed.

With the configuration that Mozilla uses for their wiki, this cannot be abused for any malicious purposes. Under certain rare, non-default configurations, this can be used for XSS; we're tracking that issue with https://bugzilla.wikimedia.org/show_bug.cgi?id=65501.
This isn't dangerous and there is no risk here.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → INVALID
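
The behaviour described in the comment above (input rendered through a markup allowlist, so a styled `<span>` survives while disallowed markup is neutralised), as an added example that is not part of the original bug thread and is not MediaWiki's code. The tag list, attribute list and style check are assumptions chosen for this simplified Python model.

```python
# Simplified allowlist sanitizer (illustrative model, not MediaWiki's implementation).
# ALLOWED_TAGS, ALLOWED_ATTRS and BAD_STYLE are assumptions made for this demo.
import html
import re
from html.parser import HTMLParser

ALLOWED_TAGS = {"span", "b", "i", "em", "strong"}
ALLOWED_ATTRS = {"style", "class", "title"}
# Style values containing script-capable or obfuscating constructs are dropped.
BAD_STYLE = re.compile(r"url\s*\(|expression\s*\(|javascript:|[\\<>]|/\*", re.I)


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Disallowed element: emit the raw tag as inert, escaped text.
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS:
                continue  # event handlers, href, src, etc. never pass
            if name == "style" and BAD_STYLE.search(value):
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        closing = f"</{tag}>"
        self.out.append(closing if tag in ALLOWED_TAGS else html.escape(closing))

    def handle_data(self, data):
        self.out.append(html.escape(data))  # text is always escaped


def sanitize(fragment: str) -> str:
    """Return the fragment with only allowlisted tags and attributes left live."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)
```

The report's own input passes through unchanged because it uses only markup that an article could contain; anything outside the allowlist comes back as visible text rather than live HTML.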
Upstream bug has been fixed.
Group: websites-security