Closed Bug 1059743 Opened 10 years ago Closed 10 years ago

CSRF token Validation Problem on support.mozilla.org

Categories

(support.mozilla.org :: General, defect)

x86
Windows 7
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: cvps_47, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [site:support.mozilla.org][reporter-external])

Attachments

(1 file)

Attached video support.mozilla.avi
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release)
Build ID: 20140716183446

Steps to reproduce:

Tools description:
1. To find this vulnerability I used "Live HTTP Headers".
2. It is an add-on for Mozilla Firefox.
3. It is used to capture any registration or any other request. It also provides options to edit any request manually and then resend the edited request.
4. You just have to add this add-on to Mozilla Firefox.
5. If you want to capture any request, open "Live HTTP Headers" from Menu bar >> Tools >> Live HTTP Headers and tick the capture box; then all activity will be captured.

Steps to Replicate:
1. First you have to add the add-on "Live HTTP Headers".
2. This is an add-on for Mozilla Firefox.
3. It is used to capture any registration request.
4. Then register an account on https://support.mozilla.org/en-US/questions/new/desktop/other/form?search=Search&step=aaq-register
5. After filling in the sign-up form, do not click the "Register" button yet. First open "Live HTTP Headers" from Menu bar >> Tools >> Live HTTP Headers and tick the capture box.
6. Now click the "Register" button; "Live HTTP Headers" will have captured your registration request.
7. Find this link in the captured request: https://support.mozilla.org/en-US/questions/new/desktop/other/form?search=nayonejash&step=aaq-question
8. Select this link with a single click, then click the Replay button, and you will see a request containing a CSRF token. Copy the CSRF token into Notepad. The CSRF token is mentioned in the captured request like this: csrfmiddlewaretoken=aVQKATJRMFOVqAwdb8Utt6jE9SdZknQd
9. Now register a second account >> capture the request >> copy the second account's CSRF token into Notepad. Then compare both tokens with each other; both will be the same: aVQKATJRMFOVqAwdb8Utt6jE9SdZknQd
10. This is the CSRF token with which all users have registered.
Actual results:

Bug Description:
1. https://support.mozilla.org has registered all users with the same CSRF token, which is: aVQKATJRMFOVqAwdb8Utt6jE9SdZknQd
2. The CSRF token is not validated on registration.

Expected results:
1. The CSRF token must be validated on registration.
2. This is a very critical vulnerability: all accounts are registered with the same/single CSRF token.
3. It is too harmful, because in this situation any bot/hacker is able to perform unlimited registrations with the same CSRF token.
4. Also, there is a warning of a brute force attack!
Group: core-security → websites-security
Product: Core → support.mozilla.org
Summary: CSRF token Validation Problem. → CSRF token Validation Problem on support.mozilla.org
Version: 1.0 Branch → unspecified
That's because you are using the same browser session. Open a different browser and go to the page and you'll get a different token. For example, I just went to register and this is the token I get: <input type='hidden' name='csrfmiddlewaretoken' value='fewm8n520GOCzRK8FrfYQQnWa004unhS' />
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
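To illustrate the behaviour described in the comment above (the token is tied to the browser session's cookie, so the same browser sees the same csrfmiddlewaretoken on every form while a different browser gets a different one, and the server only checks that the submitted field matches the cookie), here is an added example that is not Django's or support.mozilla.org's code; it models a cookie-based CSRF check in Python, and the `Browser`, `csrf_check` and `demo` names are this example's own assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical in-memory model of a cookie-based CSRF scheme (the kind
# Django's csrfmiddlewaretoken uses). Not Django's own code.
TOKEN_LEN = 32


def new_csrf_token() -> str:
    """Random per-session secret, set once in the 'csrftoken' cookie."""
    return secrets.token_hex(TOKEN_LEN // 2)  # 32 hex characters


@dataclass
class Browser:
    """One browser session with its own cookie jar (constructed sample)."""
    cookies: dict = field(default_factory=dict)

    def load_form(self) -> str:
        # First visit sets the cookie; later visits reuse it, which is why
        # the hidden csrfmiddlewaretoken field repeats for every form.
        return self.cookies.setdefault("csrftoken", new_csrf_token())

    def submit(self, form_token: str) -> dict:
        # What the server receives: the cookie plus the POSTed hidden field.
        return {"cookie": self.cookies.get("csrftoken"),
                "csrfmiddlewaretoken": form_token}


def csrf_check(request: dict) -> bool:
    """Server side: the POSTed field must equal this session's cookie."""
    cookie = request.get("cookie")
    form = request.get("csrfmiddlewaretoken")
    if not cookie or not form or len(cookie) != TOKEN_LEN:
        return False
    # Constant-time comparison so the check does not leak the token.
    return hmac.compare_digest(cookie, form)


def demo() -> dict:
    alice = Browser()
    t1 = alice.load_form()
    t2 = alice.load_form()          # second registration, same browser
    bob = Browser()
    tb = bob.load_form()            # different browser, different cookie
    return {
        "same_session_same_token": t1 == t2,
        "other_browser_differs": tb != t1,
        "same_session_accepted": csrf_check(alice.submit(t2)),
        "foreign_token_rejected": not csrf_check(alice.submit(tb)),
        "no_cookie_rejected": not csrf_check(Browser().submit(t1)),
    }
```

A cross-site page cannot read the victim's cookie, so it cannot supply a matching field; repeating the same token within one session is expected, and abuse of the form itself is a rate-limiting concern, as the next comment notes.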
Hi, but an attacker is able to register thousands of accounts in the same browser with the same token. That will become harmful. Thanks, Asim
We have rate limiting in place to protect us from that kind of attack. Thanks for reporting!
Flags: sec-bounty-
Whiteboard: [site:support.mozilla.org][reporter-external]
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security