Bug 921451 - [SECURITY] URL manipulation/spoofing attacks or spoofing issue in 404 page.
Summary: [SECURITY] URL manipulation/spoofing attacks or spoofing issue in 404 page.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Bugzilla
Classification: Community
Component: User Interface
Version: 4.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Simon Green
QA Contact: tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-03-14 08:54 UTC by Simon Green
Modified: 2014-10-12 22:50 UTC (History)

Fixed In Version: 4.2.5-8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-17 23:16:40 UTC




Links
System ID Priority Status Summary Last Updated
Mozilla Foundation 850546 None None None Never

Description Simon Green 2013-03-14 08:54:21 UTC
From upstream:

Hi Team, 

I / w4rri0r / have found an Injection Attack - HTTP Parameter Tampering Vulnerability in one of the mozilla.org sub-domains, i.e. bugzilla.mozilla.org


Vulnerability Description - 
The Web / HTTP Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.


The attack success depends on integrity and logic validation mechanism errors, and its exploitation can result in other consequences including XSS, SQL Injection, file inclusion, and path disclosure attacks.

For more information - https://www.owasp.org/index.php/Web_Parameter_Tampering

PoC URL - 

https://bugzilla.mozilla.org/bugzilla.mozilla.org%20having%20some%20technical%20issues%20with%20server.%20please%20go%20to%20www.anymaliciousiste.com%20i.e%20bugzilla%20backup%20website.%20Thank%20you%20for%20your%20patience!%20%20It?lang=fr&userid=3&password=ih&rows=20&cols=70


Actual results:

From the above PoC URL, a malicious user modifies elements in the URL sent to a Web site in order to obtain unauthorized information. By modifying the arguments (parameters) in the query, the malicious user can navigate the trusted users and retrieve and/or modify their contents. [Enclosed Screen Shot].


Expected results:

Prevent parameters / arguments on the URL.
A proper error and customized 404 error page should come.
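The report above boils down to a 404 page that echoes the requested path as if it were the site's own message. The following is an added illustration, not Bugzilla's code or the fix shipped in 4.2.5-8: it contrasts a reflecting 404 handler with a hardened one that keeps the body generic and leaves the raw path to the server log, plus a helper for the case where a product still wants to show the path. The sample path, the MAX_ECHO limit and the function names are constructed for this example.

```python
import html
from urllib.parse import unquote

# Constructed sample: a request path shaped like the PoC in the report
# (percent-encoded spaces and a look-alike "backup site" domain).
SPOOF_PATH = ("/bugzilla.mozilla.org%20having%20some%20technical%20issues."
              "%20please%20go%20to%20www.anymaliciousiste.com")

MAX_ECHO = 40  # hypothetical cap on how much of a path is ever displayed


def render_404_reflecting(raw_path: str) -> str:
    """'Before' shape: the decoded path is dropped into the page text,
    so a crafted path reads like a notice from the site itself."""
    return f"<p>{unquote(raw_path)} was not found.</p>"


def render_404_hardened(raw_path: str) -> tuple[str, str]:
    """Hardened 404: a fixed, generic body for the user; the untrusted
    path goes only to the operator's log line, never into the page."""
    body = "<p>The page you requested was not found on this server.</p>"
    log_line = f"404 path={raw_path!r}"
    return body, log_line


def echo_path_safely(raw_path: str) -> str:
    """If the path must be shown: HTML-escape it, truncate it, and frame
    it as data inside <code> rather than as a sentence the site is saying.
    Truncation is what keeps a long social-engineering message off the page;
    escaping alone only stops markup injection."""
    decoded = unquote(raw_path)
    shown = decoded[:MAX_ECHO] + ("..." if len(decoded) > MAX_ECHO else "")
    return f"<p>No resource matches the path <code>{html.escape(shown)}</code>.</p>"
```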

