Closed Bug 1090112 Opened 10 years ago Closed 10 years ago

File upload

Categories

(www.mozilla.org :: General, defect)

Production
x86_64
Windows 7
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: Hiqureshi012, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141011015303

Steps to reproduce:

This page allows visitors to upload files to the server. Various web applications allow users to upload files (such as pictures, images, sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.


Actual results:

Attack details
Form name: reportForm
Form action: https://www.mozilla.org/en-US/about/legal/fraud-report/
Form method: POST

Form inputs:

csrfmiddlewaretoken [Hidden]
input_url [Text]
input_category [Select]
office_fax [Text]
input_product [Select]
input_specific_product [Text]
input_details [TextArea]
input_attachment [File]
input_attachment_desc [TextArea]
input_email [Text]
submit_form [Submit]


Expected results:

This vulnerability affects /en-US/about/legal/fraud-report.
If the uploaded files are not safely checked, an attacker may upload malicious files.
Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded.
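The filename checks the report lists (single allow-listed extension, no double extensions, no extensionless dotfiles such as .htaccess or server config files, random server-side name) as one function, added here as an illustration; this is not code from the bug or from the mozilla.org form, and the allow-list and blocked names are constructed assumptions. Making the upload directory non-executable is a deployment setting and is not shown.

```python
import re
import secrets
from typing import Optional

# Constructed allow-list for this example; the real form's accepted types are not stated in the bug.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Names that Apache or IIS treat as configuration when found in a served directory.
BLOCKED_BASENAMES = {".htaccess", ".htpasswd", "web.config"}


def validate_upload_name(filename: str) -> Optional[str]:
    """Return the single allow-listed extension, or None if the name must be rejected."""
    # Keep only the last path component; clients may send "../x" or "C:\\x" in the filename field.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not name or name.lower() in BLOCKED_BASENAMES:
        return None
    parts = name.split(".")
    # Exactly one stem and one extension: rejects ".htaccess" (empty stem),
    # "report" (no extension) and "shell.php.png" or "x.php\x00.png" (two dots).
    if len(parts) != 2 or not parts[0]:
        return None
    ext = parts[1].lower()
    # Allow-list only: anything not explicitly permitted is refused.
    if not re.fullmatch(r"[a-z0-9]{1,5}", ext) or ext not in ALLOWED_EXTENSIONS:
        return None
    return ext


def stored_name(filename: str) -> Optional[str]:
    """Random server-side name that keeps nothing of the client name but the validated extension."""
    ext = validate_upload_name(filename)
    if ext is None:
        return None
    return f"{secrets.token_hex(16)}.{ext}"
```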
Please don't submit untested reports from vulnerability scanners. They are almost always wrong (such as this case).
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Component: Untriaged → General
Product: Firefox → www.mozilla.org
Resolution: --- → INVALID
Version: 33 Branch → Production