Closed Bug 877643 Opened 8 years ago Closed 8 years ago
XSS in bugzilla attachments
Received: by 10.66.41.17 with HTTP; Thu, 30 May 2013 06:29:56 -0700 (PDT)
Date: Thu, 30 May 2013 18:59:56 +0530
Subject: Stored XSS in bugzilla
From: Siddhesh Gawde <firstname.lastname@example.org>
To: Mozilla Security <email@example.com>
-----//-----
Hello,

I have found a stored XSS on a bugzilla subdomain.

PoC: Make an account --> File a bug --> Upload an HTML file containing the following vector:

<script>alert(document.domain)</script>
<script>alert(1)</script>

And submit the bug. When any person clicks on the attachment to check the PoC or pic, the XSS will occur.

E.g.: http://attach.landfill.bugzilla.org/bugzilla-4.4-branch/attachment.cgi?id=2831
8 years ago
Status: NEW → UNCONFIRMED
Ever confirmed: false
Also, the above link works even if you are not signed into your account; it doesn't show an authentication error. So this can also be used to spread malicious files like .exe, .php, etc.
Please search for duplicates before filing bugs; this has been reported many times.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 38862
<sigh> This is a dupe. Perhaps we should put a document up explaining our position on this? It seems like this gets "discovered" about every 2 weeks...

Gerv