Closed Bug 1826029 Opened 2 years ago Closed 1 year ago

Malformed POST in Developer Tools > Edit & Resend

Categories

(DevTools :: Netmonitor, defect)

Product:
DevTools
Component:
Netmonitor
Version:
Firefox 102
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: me, Unassigned)

References

Details

Attachments

(1 file)

ubg.zip
1.75 MB, application/zip
Details
Attached file ubg.zip

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0

Steps to reproduce:

I was participating in a security CTF (Capture The Flag), and one challenge was web-exploitation.

  1. Send a POST request
  2. Edit and Resend
    a. Modify the POST body
  3. Resend the modified POST body
  4. Check server response

Actual results:

The payload looks something like this:
{"item":"eggs","amount":1}

via Firefox, I tried changing to:
{"item":"eggs","amount":"00"} -> Invalid body, the server failed to parse your request, please try again with a valid payload

Expected results:

via Burp's Proxy (Chromium)

Send the request and modify the POST body before forwarding to the same payload used in Firefox. This time it yields the expected results for this particular challenge, a successful response from the server, in which the "00" is appended to the item amount.

The CTF challenge is specifically a string-concatenation exploit, where you can pass amount as a string, and it gets concatenated. Sending "0", "00", or any string in Firefox yields a Invalid body error, whereas on Burp/Chromium, it properly concatenates the string.

I have attached HAR for both a successful POST (200) and fail (400). I assume the way Firefox is modifying the POST request is causing the request to be malformed.

The Bugbug bot thinks this bug should belong to the 'DevTools::Netmonitor' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Netmonitor
Product: Firefox → DevTools
See Also: → 1790183

Hi, we could not reproduce the bug on Nightly,

Can you check if this works in more recent versions of Firefox (111 to 113)?

Thanks!

Flags: needinfo?(me)

A needinfo is requested from the reporter, however, the reporter is inactive on Bugzilla. Given that the bug is still UNCONFIRMED, closing the bug as incomplete.

For more information, please visit BugBot documentation.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Flags: needinfo?(me)
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: