Status

Websites
Other
RESOLVED DUPLICATE of bug 1259008
2 years ago
2 years ago

People

(Reporter: Jaume, Unassigned)

Tracking

unspecified
Bug Flags:
sec-bounty -

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?], URL)

(Reporter)

Description

2 years ago
I found a SQL Injection in https://bugzilla.mozilla.org/ domain. 

To reproduce:
https://bugzilla.mozilla.org/buglist.cgi?query_format=specific&order=relevance%20desc&bug_status=_open_&product=&content=%3E%3E/=1&comments=0

Enter in the website, and you can see the MYSQL error
DBD::mysql::db selectcol_arrayref failed: syntax error, unexpected '>' [for Statement "SELECT bugs.bug_id AS bug_id, (MATCH(bugs_fulltext_0.short_desc) AGAINST('>>/=1' IN BOOLEAN MODE)) AS relevance FROM bugs LEFT JOIN bug_group_map AS security_map ON bugs.bug_id = security_map.bug_id AND NOT ( security_map.group_id IN (69) ) LEFT JOIN cc AS security_cc ON bugs.bug_id = security_cc.bug_id AND security_cc.who = 567004 LEFT JOIN bugs_fulltext AS bugs_fulltext_0 ON bugs.bug_id = bugs_fulltext_0.bug_id WHERE bugs.creation_ts IS NOT NULL AND (security_map.group_id IS NULL OR (bugs.reporter_accessible = 1 AND bugs.reporter = 567004) OR (bugs.cclist_accessible = 1 AND security_cc.who IS NOT NULL) OR bugs.assigned_to = 567004 OR bugs.qa_contact = 567004) AND MATCH(bugs_fulltext_0.short_desc) AGAINST('>>/=1' IN BOOLEAN MODE) GROUP BY bugs.bug_id ORDER BY relevance DESC LIMIT 500 "]
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1259008
Group: websites-security
Flags: sec-bounty-
You need to log in before you can comment on or make changes to this bug.