Closed Bug 1764699 Opened 3 years ago Closed 3 years ago

CSRF in choosing solution in support.mozilla.org

Categories

(support.mozilla.org :: General, task)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1761746

People

(Reporter: haxatron1, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

It is possible to trick the original question owner into choosing a solution to the problem via CSRF.

POC:

  1. Create a question
  2. Answer the question, note the answer ID in the fragment of the URL after you answered the question. For example, for https://support.allizom.org/en-US/questions/1207236#answer-1082775, the answer ID is 1082775.
  3. If a question owner clicks on the URL via a CSRF attack - https://support.allizom.org/en-US/questions/[Question]/solve/[Answer-ID], they will unknowingly answer the question.
Flags: sec-bounty?

(In reply to haxatron1 from comment #0)

> It is possible to trick the original question owner into choosing a solution to the problem via CSRF
>
> POC:
>
>   1. Create a question
>   2. Answer the question, note the answer ID in the fragment of the URL after you answered the question. For example, for https://support.allizom.org/en-US/questions/1207236#answer-1082775, the answer ID is 1082775.
>   3. If a question owner clicks on the URL via a CSRF attack - https://support.allizom.org/en-US/questions/[Question]/solve/[Answer-ID], they will unknowingly answer the question.

  3. If a question owner clicks on the URL via a CSRF attack - https://support.allizom.org/en-US/questions/[Question-ID]/solve/[Answer-ID], they will unknowingly choose a solution

An attacker can use this to trick a user into choosing their answer.
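The class of defect reported above and its usual mitigation, as an added example that is not part of the bug report and is not support.mozilla.org's code. It is a framework-free model of the solve endpoint that assumes the original accepted a plain link navigation (GET); the handler names, session layout, token scheme and sample data are hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value, stands in for a server-side secret
# Constructed sample data using the question ID from the report's example URL.
QUESTIONS = {1207236: {"owner": "alice", "solution": None}}


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a cross-site page cannot read or predict it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def solve_vulnerable(method, session, question_id, answer_id, form=None):
    """Before: any request from the owner's browser, including a link click."""
    question = QUESTIONS[question_id]
    if session["user"] != question["owner"]:
        return 403
    question["solution"] = answer_id  # state change with no proof of intent
    return 200


def solve_hardened(method, session, question_id, answer_id, form=None):
    """After: the state change needs POST plus the session's CSRF token."""
    question = QUESTIONS[question_id]
    if session["user"] != question["owner"]:
        return 403
    if method != "POST":
        return 405  # following a link can no longer mark a solution
    sent = (form or {}).get("csrf_token", "")
    expected = csrf_token(session["id"])
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403  # a cross-site form post does not carry the token
    question["solution"] = answer_id
    return 200


if __name__ == "__main__":
    owner = {"user": "alice", "id": "sess-1"}  # constructed session
    print(solve_vulnerable("GET", owner, 1207236, 1082775))  # link click succeeds
    QUESTIONS[1207236]["solution"] = None
    print(solve_hardened("GET", owner, 1207236, 1082775))    # link click rejected
    good = {"csrf_token": csrf_token(owner["id"])}
    print(solve_hardened("POST", owner, 1207236, 1082775, good))
```
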

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Component: Other → General
Product: Websites → support.mozilla.org
Resolution: --- → DUPLICATE

Hello,

Thank you for your report.

Unfortunately, we already received a report about the same issue and we are working on addressing it.

Thanks,
Frida

Flags: sec-bounty? → sec-bounty-
Group: websites-security