Ofer For You (1)

Thursday 15 January 2015

A Bug in Bug Tracker "Bugzilla" exposes Private Bugs

By Kunal Vohra, Director@H2K


A critical vulnerability in the popular web-based Bug tracking tool "Bugzilla" allows hackers to view the details of any undisclosed vulnerabilities.



Bugzilla is an open source bug tracking program developed by Mozilla and used by many large organizations, including Red Hat, the Linux kernel, GNOME and Apache.

Vulnerability researchers at Check Point Software Technologies reported the bug to Mozilla. It allows anyone to register with an email address of the targeted domain (for example, admin@mozilla.com) and bypass email validation.

The researchers exploited the vulnerability and managed to create administrator accounts for Mozilla.org, Mozilla.com and Bugzilla.org.

Gervase Markham from Mozilla wrote a detailed technical post. The attack method appears to be the "HTTP Parameter Pollution (HPP)" technique.

OWASP Definition for HPP:

"Supplying multiple HTTP parameters with the same name may cause an application to interpret values in unanticipated ways. By exploiting these effects, an attacker may be able to bypass input validation, trigger application errors or modify internal variables values."
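To make the OWASP definition concrete, here is an added example (not code from the post, and not Bugzilla's own code) of how a registration handler can be tripped up by a duplicated form field, beside a hardened version. The form field name `login`, the domain policy in `is_permitted_login`, and the sample request bodies are all constructed assumptions for illustration; the weak handler models the generic HPP failure mode in which the validation layer and the persistence layer read different copies of the same parameter.

```python
from urllib.parse import parse_qs, parse_qsl

# Constructed sample registration bodies (assumption: a form with "login" and "realname" fields).
CLEAN_BODY = "login=alice%40users.example&realname=Alice"
POLLUTED_BODY = "login=alice%40users.example&login=alice%40staff.example&realname=Alice"


def is_permitted_login(email: str) -> bool:
    """Hypothetical policy: self-registration is only allowed for the users.example domain."""
    return email.endswith("@users.example")


def duplicated_parameters(body: str) -> list:
    """Return the names of parameters that appear more than once (useful for logging/alerting)."""
    seen = {}
    for name, _ in parse_qsl(body, keep_blank_values=True):
        seen[name] = seen.get(name, 0) + 1
    return sorted(name for name, count in seen.items() if count > 1)


def weak_register(body: str):
    """Weak handler: validation and persistence read the duplicated field inconsistently.

    parse_qs keeps every copy of a repeated parameter in a list; the bug modelled
    here is that one layer uses values[0] while another uses values[-1].
    """
    params = parse_qs(body, keep_blank_values=True)
    values = params.get("login", [])
    if not values:
        return None
    # The validation layer checks the first copy of "login" ...
    if not is_permitted_login(values[0]):
        return None
    # ... but the account is created with the last copy (the unanticipated interpretation).
    return {"login": values[-1], "realname": params.get("realname", [""])[0]}


def hardened_register(body: str):
    """Hardened handler: reject repeated parameters, then validate and store the same value."""
    params = parse_qs(body, keep_blank_values=True)
    if duplicated_parameters(body):
        return None  # a repeated parameter is never legitimate for this form
    login = params.get("login", [""])[0]
    if not is_permitted_login(login):
        return None
    return {"login": login, "realname": params.get("realname", [""])[0]}


if __name__ == "__main__":
    print("weak, clean     :", weak_register(CLEAN_BODY))
    print("weak, polluted  :", weak_register(POLLUTED_BODY))
    print("hardened, clean :", hardened_register(CLEAN_BODY))
    print("hardened, pollut:", hardened_register(POLLUTED_BODY))
    print("duplicates      :", duplicated_parameters(POLLUTED_BODY))
```

The defensive points are the two rules applied in `hardened_register`: treat a repeated parameter as a protocol violation rather than silently picking one copy, and make every layer of the application read the same parsed value. Different web frameworks and languages disagree on whether the first or the last copy wins, so any check that is written against one convention while the storage code uses another is exactly the gap HPP exploits; `duplicated_parameters` is the kind of cheap signal worth surfacing in request logs.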
