Closed
Bug 740528
Opened 13 years ago
Closed 13 years ago
[Web Search Engine] Create False Variables
Categories
(addons.mozilla.org Graveyard :: Search, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: kontakt, Unassigned)
Details
Attachments
(1 file)
168.84 KB,
image/jpeg
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0
Build ID: 20120129021758
Steps to reproduce:
Hi,
I found a bug that allows you to create any number of false variables.
Thanks for the reply,
Best Regards,
Artur Czyz
Actual results:
Here's an example:
https://addons.mozilla.org/mn/firefox/search/?q=;addfalsevariable;addfalsevariable2;wecanaddalotoffalsevariable;
screenshot[1] is in attachment.
The error occurs on each Mozilla site that uses this type of search engine.
For example:
https://addons.mozilla.org/mn/developers/search?q=;addfalsevariable;addfalsevariable2;wecanaddalotoffalsevariable;
When we click on "Log in", we can see this URL:
https://addons.mozilla.org/mn/firefox/users/login?to=/mn/firefox/search/?q=&wecanaddalotoffalsevariable=&addfalsevariable=&addfalsevariable2=
As I said, we can create false variables.
Comment 1•13 years ago
Have you identified a security risk?
I think this can be a type of XSS attack or DOS attack (application crasher).
Comment 3•13 years ago
As long as it's properly escaped it's not XSS. If you can provide a proof of concept you could have something, otherwise I don't think this is a bug.
Thanks for the reply, Wil ;-)
Ad. 1: I will try to bypass the "escaping chars".
Ad. 2: If we create a thousand false variables, that can crash an application, but I can't test it.
Best Regards
Comment 5•13 years ago
Reopen if there is XSS or DOS here, but in the meantime I'm closing the bug. Thanks.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Btw. This vulnerability is everywhere. Next example:
https://addons.mozilla.org/mn/firefox/themes/?sort=users;falsename=falsevalue;
and in code we can see:
<input type="hidden" name="falsename" value="falsevalue">
-------------
I'm still working on it - to prove this is probably XSS ;-)
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
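The semicolon splitting reported above and the escaping condition from Comment 3, as an added example (not addons.mozilla.org code and not part of the original thread). It assumes a server-side parser that treats `;` as a separator like `&`; `parse_query`, `hidden_inputs`, `MAX_FIELDS` and the sample strings are hypothetical names and constructed values.

```python
import re
from html import escape
from urllib.parse import unquote_plus

MAX_FIELDS = 100  # assumed cap on parameter count, not a value from the report


def parse_query(query, max_fields=MAX_FIELDS):
    """Split a query string on both '&' and ';' (the behaviour the report
    runs into) and return a list of decoded (name, value) pairs."""
    pairs = []
    for chunk in re.split(r"[&;]", query):
        if not chunk:
            continue  # skip empty pieces such as a trailing ';'
        name, _, value = chunk.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
        if len(pairs) > max_fields:
            # Bound the work done per request instead of accepting any count.
            raise ValueError("too many query parameters")
    return pairs


def hidden_inputs(pairs, allowed=None):
    """Render pairs as hidden <input> elements, escaping name and value.
    If `allowed` is given, unknown names are dropped instead of echoed."""
    out = []
    for name, value in pairs:
        if allowed is not None and name not in allowed:
            continue
        out.append('<input type="hidden" name="%s" value="%s">'
                   % (escape(name, quote=True), escape(value, quote=True)))
    return out


# Constructed inputs modelled on the query strings quoted in the report.
SEARCH = "q=;addfalsevariable;addfalsevariable2;wecanaddalotoffalsevariable;"
THEMES = "sort=users;falsename=falsevalue;"
MARKUP = "sort=users;x=%22%3E%3Cb%3E"  # value decodes to '"><b>'

if __name__ == "__main__":
    print(parse_query(SEARCH))
    print("\n".join(hidden_inputs(parse_query(THEMES))))
    print("\n".join(hidden_inputs(parse_query(MARKUP))))
    print(hidden_inputs(parse_query(THEMES), allowed={"sort"}))
```

With escaping applied to both name and value, the extra parameters are echoed as inert text; the allow-list and the field cap remove them from the page entirely and bound the parsing cost.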
Updated•13 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → INVALID
Updated•9 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
Updated•8 years ago
Group: client-services-security, core-security