Closed
Bug 1264660
Opened 8 years ago
Closed 8 years ago
SV Injection might lead to command injection in Bugzilla users(code: ,=cmd|'/c calc'!C3, AAA
Categories
(Bugzilla :: Bugzilla-General, defect)
Bugzilla
Bugzilla-General
Tracking
()
RESOLVED
DUPLICATE
of bug 1259881
People
(Reporter: netfuzzerr, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 Steps to reproduce: Hey, I'll be explanning this vulnerability in the next comment.
Reporter | ||
Updated•8 years ago
|
Summary: CSV Injection might lead to command injection in Bugzilla users(code: ",=cmd|'/c calc'!C3, → CSV Injection might lead to command injection in Bugzilla users(code: ,=cmd|'/c calc'!C3,
Reporter | ||
Updated•8 years ago
|
Summary: CSV Injection might lead to command injection in Bugzilla users(code: ,=cmd|'/c calc'!C3, → CSV Injection might lead to command injection in Bugzilla users(code: ,=cmd|'/c calc'!C3,AAA
Reporter | ||
Updated•8 years ago
|
Summary: CSV Injection might lead to command injection in Bugzilla users(code: ,=cmd|'/c calc'!C3,AAA → SV Injection might lead to command injection in Bugzilla users(code: ,=cmd|'/c calc'!C3, AAA
Comment 1•8 years ago
|
||
C'mon Mario, you know about using https://landfill.bugzilla.org or https://bugzilla.allizom.org for testing. Are steps forthcoming as promised or are you just playing around?
Flags: needinfo?(netfuzzerr)
Reporter | ||
Comment 2•8 years ago
|
||
Sorry about that,had tried it at landfill but it seems to not affect bmo. I'll close this and report it again once I have a working poc. Wasnt playing though, was just trying to make my poc sadly it hasnt worked out quite well.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Updated•8 years ago
|
Group: bugzilla-security
Updated•8 years ago
|
Flags: needinfo?(netfuzzerr)
Comment 3•8 years ago
|
||
If he's got a potential PoC that works on landfill I don't want this public yet.
Group: bugzilla-security
Comment 4•8 years ago
|
||
This bug is already public
Group: bugzilla-security
Resolution: INVALID → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•