Closed
Bug 801027
Opened 12 years ago
Closed 9 years ago
XSS: [wikimedia]wiki.mozilla.org in Semantic Search
Categories
(Websites :: wiki.mozilla.org, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: curtisk, Unassigned)
Details
(Keywords: wsec-xss, Whiteboard: [site:wiki.mozilla.org])
Hello,

My name is Siddhesh Gawde. I am a security researcher, and I have found one vulnerability on a sub-domain of Mozilla.

Details:
Type of issue: XSS
Browser: Mozilla Firefox v14.0.1
Operating System: Windows 7
Date of finding: 12/10/2012
Website Link: https://wiki.mozilla.org
Links: https://wiki.mozilla.org/Special:Ask?eq=yes&order_num=ASC&p[default]=3&p[format]=broadtable&p[headers]=show&p[intro]=3&p[limit]=%27%22%20ns=%20alert%280x012480%29%20&p[link]=all&p[mainlabel]=3&p[offset]=0&p[outro]=3&po=3&q=3&sort_num=3&title=Special%3aAsk&p[limit]=%22%20javascript=prompt%280%29%20onclick=prompt%280%29%20onmouseover=prompt%28/Sidx/%29%20onload=prompt%280%29%20onfocus=prompt%280%29%20ns=%22

As soon as you put the cursor over the "Format as" box, you get the alert box. If you need any other information about it, then please let me know. Eagerly waiting for your reply.

Thank you,
Siddhesh Gawde.
Comment 2•12 years ago
wiki.mozilla.org is not actually on our list of eligible sites. I encourage you to focus your testing on the high-value sites that are http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs
:( I am trying on them, but till now no success! Thanks for letting me know, sir. :)
Updated•11 years ago
Whiteboard: [site:wiki.mozilla.org]
Comment 4•11 years ago
This vulnerability is still there, and I've filed it upstream as https://bugzilla.wikimedia.org/show_bug.cgi?id=46852. It's also active on the http://www.semantic-mediawiki.org/ site.
Updated•11 years ago
Summary: XSS: wiki.mozilla.org → XSS: wiki.mozilla.org in Semantic Search
Updated•11 years ago
Summary: XSS: wiki.mozilla.org in Semantic Search → XSS: [wikimedia]wiki.mozilla.org in Semantic Search
Comment 5•11 years ago
https://bugzilla.wikimedia.org/show_bug.cgi?id=46852 was RESOLVED FIXED on 2013-04-10, so presumably this will be fixed whenever the next wiki software update is.
Comment 6•10 years ago
We've long since updated the MediaWiki software, and this still appears to be live. Could someone CC me on the Wikimedia bug so I can follow up? (Same e-mail address as here.)
Flags: needinfo?(sancus)
Flags: needinfo?(curtisk)
Comment 8•10 years ago
I don't have access to that bug as I did not file nor am I cc'd on it on the wikimedia side.
Flags: needinfo?(curtisk)
Unless I'm missing something, this is the same issue as bug 1041392. The data-url attribute's value isn't being properly escaped on wiki.mozilla.org. The SemanticMediaWiki extension fixed this in https://bugzilla.wikimedia.org/show_bug.cgi?id=46852 (i.e., https://gerrit.wikimedia.org/r/#/c/57433/1 ). Where is Mozilla getting the extension from?
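An added illustration of the data-url escaping failure described in the comment above (not code from SemanticMediaWiki or from this bug). It assumes the reflected query string is written into a `data-url` attribute on a hypothetical `<select id="formatSelector">` element; the function names and the sample value are constructed.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample value: a double quote followed by an event-handler
# attribute, the same shape as the p[limit] value in the report above.
SAMPLE_LIMIT = '" onmouseover=prompt(0) ns="'
# Assumption: the reflected query string is embedded in a data-url attribute.
SAMPLE_URL = "/Special:Ask?p[format]=broadtable&p[limit]=" + SAMPLE_LIMIT
EXPECTED_ATTRS = {"id", "data-url"}


def render_unescaped(data_url):
    """Before: the value is concatenated straight into the attribute."""
    return '<select id="formatSelector" data-url="' + data_url + '"></select>'


def render_escaped(data_url):
    """After: &, <, > and both quote characters are emitted as entities."""
    safe = escape(data_url, quote=True)
    return '<select id="formatSelector" data-url="' + safe + '"></select>'


class _SelectAttrs(HTMLParser):
    """Records the attributes an HTML parser sees on the <select> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "select":
            self.attrs = dict(attrs)


def parsed_attrs(markup):
    parser = _SelectAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injected_attrs(markup):
    """Attribute names that were not in the template: a regression check."""
    return sorted(set(parsed_attrs(markup)) - EXPECTED_ATTRS)


if __name__ == "__main__":
    print("unescaped:", injected_attrs(render_unescaped(SAMPLE_URL)))
    print("escaped:  ", injected_attrs(render_escaped(SAMPLE_URL)))
```

Running `injected_attrs` against rendered output in a test suite catches a regression where a later template change drops the escaping step.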
Comment 10•10 years ago
(In reply to csteipp from comment #9)
> The SemanticMediaWiki extension fixed this in
> https://bugzilla.wikimedia.org/show_bug.cgi?id=46852 (i.e.,
> https://gerrit.wikimedia.org/r/#/c/57433/1 ).
>
> Where is mozilla getting the extension from?

We're running 1.9 alpha of SemanticMediaWiki, which is possibly the issue. We've scheduled an upgrade of all these SMW-related extensions.
Updated•10 years ago
Flags: needinfo?(sancus)
Comment 11•9 years ago
OK, it looks like the SMW upgrade fixed this.
Group: websites-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED