Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/04/30 23:52:13 UTC

[Bug 64402] New: mr.vta

https://bz.apache.org/bugzilla/show_bug.cgi?id=64402

            Bug ID: 64402
           Summary: mr.vta
           Product: Tomcat 10
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Authentication
          Assignee: dev@tomcat.apache.org
          Reporter: mblehkosong@gmail.com
  Target Milestone: ------

Created attachment 37211
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37211&action=edit
bugzilla

mr.vta

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[Bug 64402] mr.vta

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64402

--- Comment #3 from mr.vta <mb...@gmail.com> ---
Comment on attachment 37211
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37211
bugzilla

HACKED BY MR.VTA

<!>Solo Itu Ijen<!>



[Bug 64402] mr.vta

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64402

--- Comment #2 from mr.vta <mb...@gmail.com> ---
Comment on attachment 37211
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37211
bugzilla

HACKED BY MR.VTA

<!>SOLO ITU IJEN<!>



Re: [Bug 64402] New: mr.vta

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Mark,

On 5/1/20 04:49, Mark Thomas wrote:
>> Reporter: mblehkosong@gmail.com
>
> Yet another "security researcher" that failed to notice that if you
> try and upload an attachment with MIME type text/html our Bugzilla
> instances will always render it as text/plain.
>
> I'd mind less if these folks actually checked if the attack worked
> and then apologized for wasting our time when they found it didn't.
>
> I've disabled this idiot's account.
>
> I'll delete the issue shortly.

Actually, I think you should leave the issue in BZ and we can
encourage the community to laugh at them for claiming "victory" for a
hack that didn't occur.

Kinda like laughing at the small anatomy of people who "zoom bomb"
meetings.

-chris



Re: [Bug 64402] New: mr.vta

Posted by Mark Thomas <ma...@apache.org>.
>           Reporter: mblehkosong@gmail.com

Yet another "security researcher" that failed to notice that if you try
and upload an attachment with MIME type text/html our Bugzilla instances
will always render it as text/plain.

I'd mind less if these folks actually checked if the attack worked and
then apologized for wasting our time when they found it didn't.

I've disabled this idiot's account.

I'll delete the issue shortly.

Mark



[Bug 64402] mr.vta

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64402

mr.vta <mb...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #37211|text/html                   |text/plain
          mime type|                            |
  Attachment #37211|0                           |1
        is obsolete|                            |
  Attachment #37211|0                           |1
           is patch|                            |

--- Comment #1 from mr.vta <mb...@gmail.com> ---
Comment on attachment 37211
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37211
bugzilla

HACKED BY MR.VTA

<!>SOLO ITU IJEN<!>
