Closed
Bug 716265
Opened 13 years ago
Closed 13 years ago
Bugzilla HTML attached allow redirect users.
Categories
(Bugzilla :: Attachments & Requests, defect)
RESOLVED
DUPLICATE
of bug 554121
People
(Reporter: netfuzzerr, Unassigned)
Details
Attachments
(4 files)
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Steps to reproduce:
Hello,
There is a vulnerability in Bugzilla that allows an attachment to redirect users to other sites when clicking "Details" if the attached "text/html" contains a script; manipulating the "top" of JavaScript allows you to redirect scripts.
Reproduce:
1. Click on "Details" on the attached file.
2. See that you are redirected to Google.
Regards,
Mario
Reporter
Updated•13 years ago
Attachment #586718 -
Attachment mime type: text/plain → text/html
Reporter
Comment 1•13 years ago
Reporter
Comment 2•13 years ago
Comment on attachment 586723 [details]
only a test, ignore.
><iframe src="https://landfill.bugzilla.org/bugzilla-tip/userprefs.cgi?tab=account" height="1000" width="1000"></iframe>
Attachment #586723 -
Attachment mime type: text/plain → text/htm
Reporter
Updated•13 years ago
Attachment #586723 -
Attachment mime type: text/htm → text/html
Reporter
Comment 3•13 years ago
Comment on attachment 586723 [details]
only a test, ignore.
<iframe src="https://bugzilla.mozilla.org/userprefs.cgi?tab=account" height="1000" width="1000"></iframe>
Reporter
Comment 4•13 years ago
Reporter
Updated•13 years ago
Attachment #586724 -
Attachment mime type: text/plain → text/html
Reporter
Comment 5•13 years ago
Reporter
Comment 6•13 years ago
Comment on attachment 586725 [details]
test
><iframe id="iframe" src="https://bugzilla.mozilla.org/userprefs.cgi?tab=account" height="1000" width="1000" onload="c();"></iframe>
><script>
>function c(){
>e=document.getElementById("iframe").contentDocument.getElementById("bugzilla-body");
>alert(e);
>}
></script>
Attachment #586725 -
Attachment mime type: text/plain → text/html
Comment 7•13 years ago
We already asked you to not use this Bugzilla installation for your testing! Please use landfill instead.
There is nothing new here which hasn't been discussed several times.
Assignee: general → attach-and-request
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Component: Bugzilla-General → Attachments & Requests
Resolution: --- → DUPLICATE
Reporter
Comment 8•13 years ago
I'm sorry, I was studying a clickjacking vulnerability in landfill; I was only checking if it works in Bugzilla too.
Comment 9•13 years ago
Bug 554121 is a more accurate bug to point to.
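As an added example (not part of this bug report and not Bugzilla's own code), the following header audit covers the two behaviours tested in this thread: an HTML attachment rendered inline so that its script can navigate `top` or read a framed same-origin page, and an account preferences page that can be loaded in an iframe. The function names and finding labels are hypothetical, and any header values passed in are constructed samples.

```javascript
// Added example; all header values used with it are constructed samples.
// Parse a Content-Security-Policy value into { directive: [tokens] }.
function parseCsp(value) {
  const out = {};
  for (const part of (value || "").split(";")) {
    const [name, ...tokens] = part.trim().split(/\s+/);
    if (name) out[name.toLowerCase()] = tokens.map((t) => t.toLowerCase());
  }
  return out;
}

// Lower-case header names so lookups are case-insensitive.
function normalize(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  return h;
}

// Findings for a response that serves a user-uploaded attachment.
function auditAttachment(headers) {
  const h = normalize(headers);
  const type = (h["content-type"] || "").split(";")[0].trim().toLowerCase();
  const active = ["text/html", "application/xhtml+xml", "image/svg+xml"].includes(type);
  const download = /^\s*attachment\b/i.test(h["content-disposition"] || "");
  if (!active || download) return []; // not rendered as a document
  const sandbox = parseCsp(h["content-security-policy"]).sandbox;
  if (!sandbox) return ["inline-active-content-unsandboxed"];
  const findings = [];
  if (sandbox.includes("allow-scripts")) findings.push("scripts-allowed");
  if (sandbox.includes("allow-top-navigation")) findings.push("top-navigation-allowed");
  if (sandbox.includes("allow-same-origin")) findings.push("same-origin-dom-access");
  return findings;
}

// Findings for a sensitive page such as an account preferences page.
// sameOriginAttachments: true when uploads are served from the page's own origin.
function auditFramable(headers, sameOriginAttachments) {
  const h = normalize(headers);
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  const fa = parseCsp(h["content-security-policy"])["frame-ancestors"];
  // When frame-ancestors is present it takes precedence over X-Frame-Options.
  const self = fa ? fa.includes("'self'") : xfo === "SAMEORIGIN";
  if (!fa && xfo !== "DENY" && !self) return ["framable-by-any-origin"];
  // 'self' / SAMEORIGIN still lets a same-origin attachment frame the page.
  return self && sameOriginAttachments ? ["framable-by-same-origin-attachment"] : [];
}
```

A same-origin framing restriction on the preferences page does not help while attachments are rendered from that same origin, which is why the second function takes the attachment origin into account.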