Bug 921451

Summary: [SECURITY] URL manipulation/spoofing attacks or spoofing issue in 404 page.
Product: [Community] Bugzilla
Reporter: Simon Green <sgreen>
Component: User Interface
Assignee: Simon Green <sgreen>
Status: CLOSED CURRENTRELEASE
QA Contact: tools-bugs <tools-bugs>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 4.2
CC: ebaak, jingwang, rjoost
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: 4.2.5-8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-03-17 23:16:40 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Simon Green 2013-03-14 08:54:21 UTC
From upstream:

Hi Team, 

I / w4rri0r / have found an Injection Attack - HTTP Parameter Tampering vulnerability in one of the mozilla.org sub-domains, i.e. bugzilla.mozilla.org.

Vulnerability Description - 
The Web / HTTP Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.


The attack success depends on integrity and logic validation mechanism errors, and its exploitation can result in other consequences including XSS, SQL Injection, file inclusion, and path disclosure attacks.

For more information - https://www.owasp.org/index.php/Web_Parameter_Tampering

PoC URL - 

https://bugzilla.mozilla.org/bugzilla.mozilla.org%20having%20some%20technical%20issues%20with%20server.%20please%20go%20to%20www.anymaliciousiste.com%20i.e%20bugzilla%20backup%20website.%20Thank%20you%20for%20your%20patience!%20%20It?lang=fr&userid=3&password=ih&rows=20&cols=70


Actual results:

From the above PoC URL, a malicious user modifies elements in the URL sent to a Web site in order to obtain unauthorized information. By modifying the arguments (parameters) in the query, the malicious user can navigate trusted users and retrieve and/or modify their contents. [Enclosed screenshot].

Expected results:

Prevent parameters / arguments from being reflected from the URL.
A proper error and a customized 404 error page should come up.