Closed Bug 1013788 Opened 11 years ago Closed 11 years ago

it's possible to get bugzilla to redirect to any url by setting the content-type of an attachment after uploading it

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: glob, Assigned: glob)

Details

Attachments

(1 file)

1013788_1.patch
1.94 KB, patch
dkl
: review+
Details | Diff | Splinter Review
it's possible to get bugzilla to redirect to any url by setting the content-type of an attachment after uploading it 1. attach a file whose payload is any url (not a github pr or rb review) 2. edit the attachment details 3. change the content-type to text/x-review-board-request now trying to view the attachment will redirect you to the specified url.
Attached patch 1013788_1.patchSplinter Review
Attachment #8426058 - Flags: review?(dkl)
Comment on attachment 8426058 [details] [diff] [review] 1013788_1.patch Review of attachment 8426058 [details] [diff] [review]: ----------------------------------------------------------------- Good fix. r=dkl
Attachment #8426058 - Flags: review?(dkl) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git 398daee..612ab3f master -> master
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Group: bugzilla-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: