Closed
Bug 877643
Opened 12 years ago
Closed 12 years ago
XSS in bugzilla attachments
Categories
(bugzilla.mozilla.org :: General, defect)
People
(Reporter: curtisk, Unassigned)
Details
(Keywords: reporter-external)
Received: by 10.66.41.17 with HTTP; Thu, 30 May 2013 06:29:56 -0700 (PDT)
Date: Thu, 30 May 2013 18:59:56 +0530
Subject: Stored XSS in bugzilla
From: Siddhesh Gawde <coolsiddheshgawade@gmail.com>
To: Mozilla Security <security@mozilla.org>
-----//-----
Hello,
I have found a stored XSS on a Bugzilla subdomain.
PoC:
Make an account --> File a bug --> Upload an HTML file containing the
following vector:
<script>alert(document.domain)</script>
<script>alert(1)</script>
And submit the bug.
When any person clicks on the attachment to check the PoC or pic,
XSS will occur.
E.g.:
http://attach.landfill.bugzilla.org/bugzilla-4.4-branch/attachment.cgi?id=2831
Reporter, updated 12 years ago
Status: NEW → UNCONFIRMED
Ever confirmed: false
Also, the above link works even if you are not signed into your account; it doesn't show an account authentication error.
So this can also be used to spread malicious files like .exe, .php, etc.
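The check a triager would run on a report like the one above, written out as an added example (it is not part of this bug and not Bugzilla's own code): it compares the origin of the attachment URL with the origin of the bug tracker and reads the attachment's response headers, to tell a genuine same-origin stored XSS from a script that only executes on a separate attachment host, as the attach.landfill.bugzilla.org URL quoted in the report is. The tracker base URL http://landfill.bugzilla.org/bugzilla-4.4-branch/ is assumed, the response headers are constructed, and nothing is fetched. The manual equivalent is the alert(document.domain) in the PoC itself: the value it displays is the host the script actually runs on.

```python
"""Triage check for 'stored XSS via HTML attachment' reports.

Added example, not code from this bug or from Bugzilla. Given the bug
tracker's base URL, the attachment URL and the attachment response
headers, it reports whether a <script> inside the attachment would run
in the tracker's own origin (a genuine stored XSS), only in a separate
attachment origin, or not at all. All URLs and headers used here are
assumed or constructed; nothing is fetched over the network.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Assumed tracker base for the landfill instance named in the report;
# the attachment URL is the one quoted in the report.
TRACKER_BASE = "http://landfill.bugzilla.org/bugzilla-4.4-branch/"
ATTACHMENT_URL = ("http://attach.landfill.bugzilla.org/bugzilla-4.4-branch/"
                  "attachment.cgi?id=2831")


def origin(url):
    """(scheme, host, port) as compared by the same-origin policy."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def classify_attachment(tracker_url, attachment_url, headers):
    """Return where a <script> in the attachment would execute.

    headers maps response header names (any case) to values.
      'download'         Content-Disposition: attachment, the browser does not render it
      'not-html'         served with a type that will not be rendered as HTML
      'sandboxed'        rendered as HTML, but in an origin different from the tracker's
      'same-origin-xss'  rendered as HTML inside the tracker's own origin
    """
    h = {name.lower(): value for name, value in headers.items()}
    disposition = h.get("content-disposition", "").strip().lower()
    if disposition.startswith("attachment"):
        return "download"

    ctype = h.get("content-type", "").split(";", 1)[0].strip().lower()
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    # text/html renders as HTML; a missing Content-Type without nosniff
    # may be sniffed into HTML by the browser and is treated the same way.
    renders_as_html = ctype == "text/html" or (ctype == "" and not nosniff)
    if not renders_as_html:
        return "not-html"

    if origin(tracker_url) != origin(attachment_url):
        return "sandboxed"
    return "same-origin-xss"


def triage_report():
    """Run the report's own URLs plus constructed variants through the check."""
    html = {"Content-Type": "text/html; charset=UTF-8"}
    same_host_url = TRACKER_BASE + "attachment.cgi?id=2831"  # constructed
    return {
        # The quoted PoC: separate attachment host, so document.domain in the
        # alert is attach.landfill.bugzilla.org, not the tracker's host.
        "as_reported": classify_attachment(TRACKER_BASE, ATTACHMENT_URL, html),
        # Constructed: the same attachment served from the tracker host itself.
        "same_host": classify_attachment(TRACKER_BASE, same_host_url, html),
        # Constructed: same host, but served as a forced download.
        "forced_download": classify_attachment(
            TRACKER_BASE, same_host_url,
            {**html, "Content-Disposition": "attachment; filename=poc.html"}),
        # Constructed: same host, text/plain with MIME sniffing disabled.
        "plain_nosniff": classify_attachment(
            TRACKER_BASE, same_host_url,
            {"Content-Type": "text/plain", "X-Content-Type-Options": "nosniff"}),
    }


if __name__ == "__main__":
    for name, verdict in triage_report().items():
        print(f"{name}: {verdict}")
```

Only the 'same-origin-xss' verdict is the stored XSS the report claims; 'sandboxed' means the script runs, but in an origin with no access to the tracker's DOM or to host-only cookies. The origin comparison covers the same-origin policy only: a session cookie scoped to a parent domain (Domain=bugzilla.org) would still be sent to the attachment host, so a triager would check the cookie's Domain and HttpOnly attributes separately.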
Please search for duplicates before filing bugs; this has been reported many times.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Comment 3•12 years ago
<sigh> This is a dupe. Perhaps we should put a document up explaining our position on this? It seems like this gets "discovered" about every 2 weeks...
Gerv
Updated•12 years ago
Flags: sec-bounty-
Updated•1 year ago
Keywords: reporter-external