Closed Bug 761114 Opened 9 years ago Closed 8 years ago

[wiki.mozilla.org] Semantic Forms cross site scripting

Categories

(Websites :: wiki.mozilla.org, defect, P2)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: insecurity.ro, Unassigned)

Details

(Keywords: wsec-xss, Whiteboard: [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org])

Attachments

(1 file)

240.27 KB, image/png
Attached image wiki.png
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725

Steps to reproduce:

We have a cross-site scripting on wiki mozilla (Semantic Forms).

Actual results:

I use a simple user account (on wiki mozilla).

Tested on the new version of Mozilla Firefox.

We have an XSS in https://wiki.mozilla.org/Special:CreateForm

Form name - our "field for XSS".

Put our XSS code in the field "form name", add a template and press the add button.

Our XSS code:

""><script>alert("3")</script>

Video PoC:

http://youtu.be/c1QkVOUEjMQ
Status: UNCONFIRMED → NEW
Ever confirmed: true
Bugs in the wiki are not eligible for the bounty. Please see
http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs
Not sure who runs wikimo or communicates bugs to Mediawiki, guessing mrz will know.
Assignee: nobody → mrz
Assignee: mrz → bburton
(In reply to Reed Loden [:reed] from comment #5)
> Submitted upstream as https://bugzilla.wikimedia.org/show_bug.cgi?id=38150.

:reed, can you cc me on the upstream bug?
Summary: wiki.mozilla.org cross site scripting → [wiki.mozilla.org] Semantic Forms cross site scripting
Whiteboard: [pending new release of semantic forms]
I posted an update to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 about when the next release will do, last one was 03/27/2012
Whiteboard: [pending new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms]
Assignee: bburton → nobody
Priority: -- → P2
Whiteboard: [triaged 20120831][waiting][new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org]
This appears to be fixed to me, likely by the last wiki software update.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
Chris,

Can I please get access to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify if/when we've deployed the fix? (It might be that the upstream bug is also eligible to be made public.)
Flags: needinfo?(csteipp)
(In reply to Gordon P. Hemsley [:GPHemsley] from comment #11)
> Chris,
> 
> Can I please get access to
> https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify
> if/when we've deployed the fix? (It might be that the upstream bug is also
> eligible to be made public.)

Done. Do let me know if we can make it public-- we didn't want to do that if mozilla wasn't patched.
Flags: needinfo?(csteipp)
Looks like this was patched in Semantic Forms 2.5 and we're running 2.6.1; we should be good to release the embargo. Thanks, Chris!
Group: websites-security
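
An added example, not part of the bug thread and not Semantic Forms code: a regression check of the kind one could run when verifying a fix like the one discussed above. It assumes the form name was echoed back into an HTML attribute value, which the thread does not state; the render functions and the field name `form_name` are hypothetical, and the payload is the one quoted in the report.

```python
import html
from html.parser import HTMLParser

# The string quoted in the original report.
PAYLOAD = '""><script>alert("3")</script>'

def render_unescaped(form_name):
    # Hypothetical vulnerable pattern: raw input concatenated into an attribute.
    return '<input type="text" name="form_name" value="' + form_name + '">'

def render_escaped(form_name):
    # Hardened pattern: encode &, <, > and both quote characters so the value
    # cannot terminate the attribute or open a new tag.
    return ('<input type="text" name="form_name" value="'
            + html.escape(form_name, quote=True) + '">')

class _Audit(HTMLParser):
    """Collects every element start tag and the form_name input's value."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "form_name":
            self.value = attrs.get("value")

def audit(markup, submitted):
    """Return (injected_elements, round_trips).

    injected_elements: tags other than the expected <input> that the parser
    saw, i.e. markup created by the submitted text.
    round_trips: True when the parsed attribute value equals the submitted
    text exactly, which is what correct encoding guarantees.
    """
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    injected = [t for t in parser.tags if t != "input"]
    return injected, parser.value == submitted

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, audit(render(PAYLOAD), PAYLOAD))
```

Checking both conditions matters: a filter that merely strips `<script>` would pass the first check but fail the round-trip check, because the stored name would no longer match what the user typed.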