Closed Bug 39537 Opened 25 years ago Closed 24 years ago

showvotes.cgi needs to validate "voteon" param or "user" param

Categories

(Bugzilla :: Bugzilla-General, defect, P3)

Other
Other
defect

RESOLVED DUPLICATE of bug 38855

People

(Reporter: jruderman, Assigned: justdave)

Details

(Whiteboard: security)

showvotes.cgi sends the voteon param to SQL without making sure it's a clean integer. See bug 39536 for a similar problem.
Blocks: 38852
Updating summary to include the user param, which is also not checked. Going to showvotes.cgi?user=1%20or%201%20=%201 will freeze Bugzilla for several minutes -- I think one person going to that URL prevents *everyone* from using it. It shouldn't be that easy to DoS Bugzilla :)
Summary: showvotes.cgi needs to validate "voteon" param → showvotes.cgi needs to validate "voteon" param or "user" param
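The two comments above describe the same class of flaw: a CGI parameter that is supposed to be an integer is pasted into the SQL text, so `user=1 or 1 = 1` turns the WHERE clause into an always-true condition. The following is an added illustration, not Bugzilla's code: it uses an in-memory SQLite table with a constructed schema and constructed rows (the real votes table and the actual showvotes.cgi query are not reproduced here), shows the unchecked query returning every row for the payload from the comment, and then shows the check the bug asks for: reject anything that is not a plain decimal integer before the value gets near the database, and bind it as a parameter rather than interpolating it.

```python
import re
import sqlite3

# Constructed sample data; the column names are assumptions for this example,
# not the real Bugzilla schema.
SAMPLE_VOTES = [
    (1, 101, 1), (1, 102, 2),
    (2, 103, 1),
    (3, 101, 1), (3, 104, 3),
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE votes (who INTEGER, bug_id INTEGER, count INTEGER)")
    con.executemany("INSERT INTO votes VALUES (?, ?, ?)", SAMPLE_VOTES)
    return con


def show_votes_unchecked(con, user):
    """Mirrors the flaw described in the bug: the raw CGI value is
    interpolated into the statement, so 'user=1 or 1 = 1' matches all rows."""
    sql = f"SELECT who, bug_id, count FROM votes WHERE who = {user}"
    return con.execute(sql).fetchall()


# [0-9] rather than \d: in Python 3, \d also matches non-ASCII digits.
INT_RE = re.compile(r"[0-9]+")


def is_clean_int(value):
    """True only for a non-empty string of ASCII decimal digits."""
    return isinstance(value, str) and INT_RE.fullmatch(value) is not None


def show_votes_checked(con, user):
    """Hardened form: validate the parameter as an integer, then bind it.
    Either step alone would stop this payload; doing both keeps the
    validation error distinct from a database error."""
    if not is_clean_int(user):
        raise ValueError("parameter 'user' must be a non-negative integer")
    return con.execute(
        "SELECT who, bug_id, count FROM votes WHERE who = ?", (int(user),)
    ).fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "1 or 1 = 1"  # decoded form of user=1%20or%201%20=%201
    print(show_votes_unchecked(con, "1"))      # only user 1's votes
    print(show_votes_unchecked(con, payload))  # every row in the table
    print(show_votes_checked(con, "1"))
    try:
        show_votes_checked(con, payload)
    except ValueError as err:
        print("rejected:", err)
```

The same `^[0-9]+$` style check is what the bug is asking for on `voteon` and `user` (and, per the later comment, `bug_id`); in the Perl of the period it would be a regex match on the parameter before it is used in any query.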
Whiteboard: 2.14
Whiteboard: 2.14 → 2.14,security
moving to real milestones...
Whiteboard: 2.14,security → security
Target Milestone: --- → Bugzilla 2.14
user and voteon (and also bug_id) are validated as part of the patch on bug 38855. *** This bug has been marked as a duplicate of 38855 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
clearing milestone on closed non-FIXED bugs in case they ever get reopened.
Target Milestone: Bugzilla 2.14 → ---
moving all closed Bugzilla bugs to the new Bugzilla product. This batch is DUPLICATE/INVALID/WORKSFORME/WONTFIX reassigning to default owner and QA in case of the bug being reopened. Clearing milestones, since we really shouldn't have them on these types of resolutions. Sorry for the spam everyone...
Assignee: tara → justdave
Status: RESOLVED → NEW
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa