Closed Bug 740528 Opened 13 years ago Closed 13 years ago

[Web Search Engine] Create False Variables

Categories

(addons.mozilla.org Graveyard :: Search, defect)


RESOLVED INVALID

People

(Reporter: kontakt, Unassigned)


Attachments

(1 file)

Attached image Screenshot[1]
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0
Build ID: 20120129021758

Steps to reproduce:

Hi, I found a bug that allows you to create any number of false variables. Thanks for your reply, Best Regards, Artur Czyz

Actual results:

Here's an example: https://addons.mozilla.org/mn/firefox/search/?q=;addfalsevariable;addfalsevariable2;wecanaddalotoffalsevariable;
Screenshot[1] is in the attachment.

The error occurs on every Mozilla site that uses this type of search engine. For example: https://addons.mozilla.org/mn/developers/search?q=;addfalsevariable;addfalsevariable2;wecanaddalotoffalsevariable;

When we click on "Log in", we can see this URL: https://addons.mozilla.org/mn/firefox/users/login?to=/mn/firefox/search/?q=&wecanaddalotoffalsevariable=&addfalsevariable=&addfalsevariable2=

As I said, we can create false variables.
Have you identified a security risk?
I think this can be a type of XSS attack or DOS attack (application crasher).
As long as it's properly escaped it's not XSS. If you can provide a proof of concept you could have something, otherwise I don't think this is a bug.
Thanks for your reply Wil ;-) Ad. 1: I will try to bypass the "escaping chars". Ad. 2: If we create a thousand false variables, that could crash the application, but I can't test it. Best Regards
Reopen if there is XSS or DOS here but in the mean time I'm closing the bug. Thanks.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Btw. This vulnerability is everywhere. Next example: https://addons.mozilla.org/mn/firefox/themes/?sort=users;falsename=falsevalue;

and in the code we can see: <input type="hidden" name="falsename" value="falsevalue">

I'm still working on it - to prove this is probably XSS ;-)
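As an added example (not code from this report or from addons.mozilla.org), the reflection described in the comment above together with the check the triage reply relies on: a query parser that, by assumption, treats ";" like "&" as the site did, and a renderer that HTML-escapes the reflected name and value and can limit reflection to an allowlist of known parameter names. SAMPLE_QUERY is a constructed value modelled on the URL in the comment.

```python
import html
from typing import Iterable, List, Optional, Tuple

# Constructed sample, modelled on the query string quoted in the report
# (";" used between parameters, trailing ";").
SAMPLE_QUERY = "sort=users;falsename=falsevalue;"


def parse_query(query: str) -> List[Tuple[str, str]]:
    """Split a raw query string into (name, value) pairs.

    Assumption: like the site in the report, both '&' and ';' act as
    separators, so ';foo;bar=1;' yields the names 'foo' and 'bar'.
    Empty chunks (from a leading or trailing separator) are dropped.
    """
    pairs: List[Tuple[str, str]] = []
    for chunk in query.replace(";", "&").split("&"):
        if not chunk:
            continue
        name, _, value = chunk.partition("=")
        pairs.append((name, value))
    return pairs


def render_hidden_inputs(pairs: Iterable[Tuple[str, str]],
                         allowed: Optional[Iterable[str]] = None) -> str:
    """Re-emit parameters as <input type="hidden"> elements.

    Two defensive measures: every name and value is HTML-escaped for the
    attribute context (the "properly escaped" condition from the thread),
    and when an allowlist is given, parameters the page does not know
    about are not reflected at all.
    """
    allowed_set = set(allowed) if allowed is not None else None
    lines = []
    for name, value in pairs:
        if allowed_set is not None and name not in allowed_set:
            continue
        lines.append('<input type="hidden" name="%s" value="%s">'
                     % (html.escape(name, quote=True),
                        html.escape(value, quote=True)))
    return "\n".join(lines)


if __name__ == "__main__":
    # Unknown parameter is reflected, but escaped; with an allowlist it is dropped.
    print(render_hidden_inputs(parse_query(SAMPLE_QUERY)))
    print(render_hidden_inputs(parse_query(SAMPLE_QUERY), allowed=["sort"]))
```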
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Product: addons.mozilla.org → addons.mozilla.org Graveyard
Group: core-security
Group: client-services-security, core-security