Closed
Bug 928470
Opened 11 years ago
Closed 9 years ago
[media wiki] missing CSRF /wiki.mozilla.org/Special:CreateCategory
Categories
(Websites :: wiki.mozilla.org, defect)
Websites
wiki.mozilla.org
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: curtisk, Unassigned)
References
Details
(Keywords: sec-vector, Whiteboard: [site:wiki.mozilla.org][reporter-external][vendor])
Attachments
(1 file)
483 bytes,
text/html
Received: by 10.182.92.133 with HTTP; Fri, 18 Oct 2013 10:23:50 -0700 (PDT)
Date: Fri, 18 Oct 2013 22:53:50 +0530
Subject: Reporting vulnerabilities in your respective domain wiki.mozilla.org
From: Ravindra Singh Rathore <rsrathoreravi@gmail.com>
To: security@mozilla.org

-----//-----

Greetings

I am Ravindra Singh Rathore, a young security researcher from India. I have found one more vulnerability in your website wiki.mozilla.org.

Vulnerability details -

Vulnerability type - CSRF

Vulnerable url - https://wiki.mozilla.org/Special:CreateCategory

Vulnerability details - The createcategory page does not contain any CSRF token, that's why an attacker can create categories on behalf of a victim.

--
Regards--
Ravindra Singh Rathore
Security Researcher
mail - rsrathoreravi@gmail.com
Reporter
Comment 1•11 years ago
assigned to stefan to confirm
Assignee: nobody → sarentz
Flags: sec-bounty?
Comment 2•11 years ago
Verified that CSRF is missing. You must be a logged in user to use the form though.
Assignee: sarentz → nobody
Whiteboard: [site:wiki.mozilla.org][reporter-external][verif?] → [site:wiki.mozilla.org][reporter-external]
Reporter
Comment 3•11 years ago
we need to report this to media wiki
Assignee: nobody → curtisk
Summary: missing CSRF /wiki.mozilla.org/Special:CreateCategory → [media wiki] missing CSRF /wiki.mozilla.org/Special:CreateCategory
Comment 4•11 years ago
Adding Wikimedia's Security guy: Chris Steipp
This is an issue in the SemanticForms extension. I'll contact those maintainers and see if they can get this addressed.
Comment 6•11 years ago
Because it's 3rd party Wikimedia Foundation software, the wiki.mozilla.org site is not eligible for the bug bounty.
Flags: sec-bounty? → sec-bounty-
Keywords: sec-low
Updated•11 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
This was fixed upstream (https://gerrit.wikimedia.org/r/#/c/103885/)
Comment 8•10 years ago
Hello there, I have reported nearly 10 vulnerabilities to Mozilla, all either duplicate or out of bounty scope. At least some token of appreciation should be given by you for our motivation. Thanks
Comment 9•10 years ago
Hello Ravindra. It has already been pointed out to you that these are outwith Mozilla, being issues with MediaWiki. Also, whilst I will certainly thank you for drawing your attention to these I would note that you offered these observations of your own volition and not at our request. As such your suggestion of "some token of appreciation" is both inappropriate and self-seeking. Mozilla is a non-profit organisation and - as with the case of myself and many others - does not fund voluntary actions. It is our choice to be motivated, not Mozilla's to finance us. I suggest you discuss the matter with MediaWiki should you consider it appropriate*. (* as I have been involved with WMF for very many years, I could advise you that it probably isn't.)
Comment 10•10 years ago
Hi Ravindra, I can only speak for the MediaWiki side, but the release notes I wrote gave you credit for this issue: http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html
Comment 11•10 years ago
Thanks..
Reporter
Updated•10 years ago
Assignee: curtisk → nobody
Whiteboard: [site:wiki.mozilla.org][reporter-external] → [site:wiki.mozilla.org][reporter-external][vendor]
Reporter
Comment 12•10 years ago
since this is resolved in media wiki I am resolving this bug but not opening as I don't know the install timeline for this in our operations
Comment 14•10 years ago
Reopening because we haven't deployed the fix on our end yet, AFAICT.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Updated•10 years ago
Status: REOPENED → NEW
Comment 15•9 years ago
We've upgraded the extension in question, and this appears to now be fixed.
Group: websites-security
Status: NEW → RESOLVED
Closed: 10 years ago → 9 years ago
Resolution: --- → FIXED
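A check an operator could run after an upgrade like the one in comment 15, to confirm that a form page now carries an anti-CSRF token. This is an added example, not part of the bug thread or of the SemanticForms fix; it assumes the token is emitted as a hidden input named `wpEditToken` (MediaWiki's usual edit-token field), and the sample markup and the `category_name` field are constructed.

```python
from html.parser import HTMLParser

# Assumption: the token is a hidden input with MediaWiki's usual field name.
TOKEN_FIELDS = ("wpEditToken",)

class FormAudit(HTMLParser):
    """Record each <form> and whether it holds a non-empty hidden token input."""

    def __init__(self, token_fields=TOKEN_FIELDS):
        super().__init__()
        self.token_fields = {name.lower() for name in token_fields}
        self.forms = []     # one dict per form, in document order
        self._open = None   # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"method": a.get("method", "get").lower(),
                          "action": a.get("action", ""),
                          "has_token": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            # An empty value is treated the same as a missing token.
            if (a.get("type", "").lower() == "hidden"
                    and a.get("name", "").lower() in self.token_fields
                    and a.get("value", "").strip()):
                self._open["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def forms_missing_token(html, token_fields=TOKEN_FIELDS):
    """Return (method, action) for every form without a usable token field."""
    audit = FormAudit(token_fields)
    audit.feed(html)
    return [(f["method"], f["action"]) for f in audit.forms if not f["has_token"]]

# Constructed sample markup: the form as reported, and the form with a token.
BEFORE = '''<form action="/Special:CreateCategory" method="post">
<input type="text" name="category_name"><input type="submit" value="Create"></form>'''
AFTER = '''<form action="/Special:CreateCategory" method="post">
<input type="hidden" name="wpEditToken" value="constructed-token-value" />
<input type="text" name="category_name"><input type="submit" value="Create"></form>'''
EMPTY = AFTER.replace('value="constructed-token-value"', 'value=""')

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER), ("empty", EMPTY)):
        print(label, forms_missing_token(page))
```

A token field in the markup only shows that the page emits one; whether the server rejects a submission without it has to be confirmed against the handler itself.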