Closed
Bug 1277857
Opened 8 years ago
Closed 8 years ago
XSS on transvision.mozfr.org
Categories
(Websites :: Other, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: claudijd, Assigned: pascalc)
From Griffin: Appears to be fixed. Here is another vulnerable parameter - https://transvision.mozfr.org/?locale=fr&repo=release&recherche=Don%27t&jsonuy1ai%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Erebpy
Comment 1 (Reporter) • 8 years ago
pierros: Including you on this bug because I have you as the community sec PoC. pascal: Including you because I see you're active on the project and fixed previous XSS issues in this application (RE: https://github.com/mozfr/transvision/issues/676) and our work together on Bug #1277512.
Flags: needinfo?(pierros)
Flags: needinfo?(pascalc)
Comment 2 (Reporter) • 8 years ago
Clearing NI's, unable to reproduce the bug ATM.
Flags: needinfo?(pierros)
Flags: needinfo?(pascalc)
Updated (Reporter) • 8 years ago
Status: NEW → UNCONFIRMED
Ever confirmed: false
Comment 3 (Reporter) • 8 years ago

Griffin: I have not been able to reproduce this bug. Perhaps it was identified before the fixes for Bug #127751 were implemented? If not, can you please include some more details about where the bug is.

REQUEST

GET /?locale=fr&repo=release&recherche=Don%27t&jsonuy1ai%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Erebpy HTTP/1.1
Host: transvision.mozfr.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cookie: _pk_id.8.557e=d40f91bdb24f5534.1464876823.2.1464884424.1464884418.
Connection: close
Upgrade-Insecure-Requests: 1

RESPONSE

HTTP/1.1 200 OK
Date: Fri, 03 Jun 2016 14:31:07 GMT
Server: Apache/2.4.10 (Debian)
Transvision-perf: Memory: 19922944 (19MB); Time: 0.1905s
Cache-Control: max-age=604800
Expires: Fri, 10 Jun 2016 14:31:07 GMT
Vary: Accept-Encoding
Content-Length: 514949
Connection: close
Content-Type: text/html; charset=UTF-8

...SNIP...
<a href="/?locale=fr&repo=release&recherche=Don&#39;t&jsonuy1ai&#34;&#62;&#60;script&#62;alert(1)&#60;/script&#62;rebpy=&json=true&locale=en-US&sourcelocale=fr">en-US</a> or <a href="/?locale=fr&repo=release&recherche=Don&#39;t&jsonuy1ai&#34;&#62;&#60;script&#62;alert(1)&#60;/script&#62;rebpy=&json=true&locale=fr&sourcelocale=en-US">fr</a>.
...SNIP...
Flags: needinfo?(griffin.francis.1993)
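Added example, not part of the original bug thread and not Transvision's own code: a Python check for the comparison made in Comment 3, classifying each reflection of the probe parameter name in a response body as entity-encoded or still carrying a raw `"`, `<` or `>`. The function name and PARTIAL_BODY are constructed for illustration; the markers, payload and PAGE_BODY are taken from the request and response quoted above.

```python
import html
import re

# Markers and payload from the request quoted in Comment 3.
PREFIX, SUFFIX = "jsonuy1ai", "rebpy"
PAYLOAD = '"><script>alert(1)</script>'
# Characters that end a double-quoted attribute value or open a tag.
BREAKOUT = set('"<>')

# Fragment of the response body quoted in Comment 3 (both links).
PAGE_BODY = (
    '<a href="/?locale=fr&repo=release&recherche=Don&#39;t&jsonuy1ai&#34;&#62;'
    '&#60;script&#62;alert(1)&#60;/script&#62;rebpy=&json=true&locale=en-US'
    '&sourcelocale=fr">en-US</a> or '
    '<a href="/?locale=fr&repo=release&recherche=Don&#39;t&jsonuy1ai&#34;&#62;'
    '&#60;script&#62;alert(1)&#60;/script&#62;rebpy=&json=true&locale=fr'
    '&sourcelocale=en-US">fr</a>.'
)
# Constructed for contrast: quote encoded, angle brackets left raw.
PARTIAL_BODY = '<a href="/?jsonuy1ai&quot;><script>alert(1)</script>rebpy=">fr</a>'


def classify_reflections(body):
    """Return one verdict per reflection of PREFIX...SUFFIX in body.

    'raw'     - at least one breakout character reached the page unescaped
    'encoded' - entity-decoding the reflection gives back the payload
    'altered' - reflected, but filtered or encoded some other way
    """
    verdicts = []
    pattern = re.escape(PREFIX) + r"(.*?)" + re.escape(SUFFIX)
    for match in re.finditer(pattern, body, re.DOTALL):
        segment = match.group(1)
        if BREAKOUT & set(segment):
            verdicts.append("raw")
        elif html.unescape(segment) == PAYLOAD:
            verdicts.append("encoded")
        else:
            verdicts.append("altered")
    return verdicts


if __name__ == "__main__":
    print("quoted response:", classify_reflections(PAGE_BODY))
    print("partial encoding:", classify_reflections(PARTIAL_BODY))
```

Checking the characters between the two markers, rather than searching for the whole payload string, also flags partial encoding, where the quote is escaped but the angle brackets are not.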
Updated (Assignee) • 8 years ago
Assignee: nobody → pascalc
Comment 4 (Assignee) • 8 years ago
I can't reproduce either
Comment 5 • 8 years ago
I am having issues reproducing this now also. It fired within my browser this morning once and also last night. Perhaps a caching issue? Odd. We should be able to mark this as closed.
Updated • 8 years ago
Flags: needinfo?(griffin.francis.1993)
Comment 6 (Assignee) • 8 years ago
Closing as we can't reproduce, thanks.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME