Closed
Bug 367759
Opened 18 years ago
Closed 18 years ago
SQL injection vulnerability in policy display
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: jwkbugzilla, Assigned: wenzel)
Details
Check out this URL: http://preview.addons.mozilla.org/en-US/addons/policy/0/1865'%20or%20''!='
Reporter | ||
Comment 1•18 years ago
|
||
Actually, policy display is not the only place where this is an issue: http://preview.addons.mozilla.org/en-US/addons/display/1865%20or%201=1
Assignee | ||
Updated•18 years ago
|
Assignee: nobody → fwenzel
Assignee | ||
Comment 2•18 years ago
|
||
I clean()ed the inputs there with my last update already. In any case thanks again for your help. This is very helpful.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•17 years ago
|
Group: update-security
Status: RESOLVED → VERIFIED
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•