Forwarding in results page catalog advanced search contains data #3389

Open
theroch opened this issue Jul 18, 2023 · 0 comments
theroch commented Jul 18, 2023

The application responded with a redirect with HTTP status code "302 Found" whose page content had significant data volume. Typically, this page content is not displayed because the browser automatically follows the redirect.
Occasionally, redirect responses can contain sensitive data. For example, when users request a resource for which they do not have access permission, an application may issue a redirect to another resource. However, the content of the HTTP response could include the content of that resource for which they do not have access permission.
In this case, however, it is not so.

Preconditions (*)

  1. Tested with 19.4.15
  2. PHP 7.4, doesn't matter

Steps to reproduce (*)

  1. Go to page catalog advanced search
  2. Start search for something, it doesn't matter
  3. On the results page remove all parameters of the query in the URL
  4. Enter some unknown arguments like result/?datumj%5Bfrom%5D=2&datumj%5Bto%5D=1 and hit enter

Expected result (*)

  1. 302 forwarding without containing data results
  2. Error page is shown

Actual result (*)

  1. 302 forwarding already containing data results
    Request:
1 GET /magento19/index.php/default/catalogsearch/advanced/result/?datumj%5Bfrom%5D=2&datumj%5Bto%5D=1 HTTP/1.1
2 Host: localhost.local
3 Cookie: om_frontend=02002ph6knb19opuqclc5mp0bb
4 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
6 Accept-Language: en-US,en;q=0.5
7 Accept-Encoding: gzip, deflate
8 Referer: https://localhost.local/magento19/index.php/default/catalogsearch/advanced/
9 Upgrade-Insecure-Requests: 1
10 Sec-Fetch-Dest: document
11 Sec-Fetch-Mode: navigate
12 Sec-Fetch-Site: same-origin
13 Sec-Fetch-User: ?1
14 Te: trailers
15 Connection: close
16 Authorization: Basic c2lkd2Vic2hvcDpNMDN6dSsxODk3

Response:

1 HTTP/1.1 302 Found
2 Date: Fri, 14 Jul 2023 10:10:38 GMT
3 Server: Apache
4 Strict-Transport-Security: max-age=31536000; includeSubDomains
5 X-Powered-By: PHP/7.4.6
6 Expires: Thu, 19 Nov 1981 08:52:00 GMT
7 Cache-Control: no-store, no-cache, must-revalidate
8 Pragma: no-cache
9 Set-Cookie: om_frontend=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/magento19/; domain=localhost.local; secure; HttpOnly; SameSite=None
10 Set-Cookie: om_frontend=i77ah9bctbeta06gben6tdtl94; expires=Fri, 09-Dec-2022 11:10:39 GMT;Max-Age=3600; path=/magento19/; domain=localhost.local; secure; HttpOnly
11 Location: https://localhost.local/magento19/index.php/default/catalogsearch/advanced/?___SID=S&datumj%5Bfrom%5D=2&datumj%5Bto%5D=1
12 Connection: close
13 Content-Type: text/html; charset=UTF-8
14 Content-Length: 107229
15
16 <!DOCTYPE html>
17 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
18 […]
19 </html>

A 302 forward should not contain data, see 20 Content-Length: 107229
3. Error page is shown
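
A check for the condition reported above, as an added example that is not part of the original issue or the project's code: it parses captured raw HTTP responses and flags any 3xx response whose declared or actual body exceeds a small threshold. The sample captures, the host name `shop.example` and the 512-byte threshold are constructed assumptions.

```python
from email.parser import BytesParser

REDIRECT_CODES = {301, 302, 303, 307, 308}

def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split()[1])
    headers = BytesParser().parsebytes(header_block, headersonly=True)
    return status, headers, body

def audit_redirect(raw, max_body=512):
    """Return a finding dict for a 3xx response with a large body, else None.

    max_body is an assumed threshold: a short "moved" stub is normal for a
    redirect, a fully rendered page is not.
    """
    status, headers, body = parse_response(raw)
    if status not in REDIRECT_CODES:
        return None
    value = (headers.get("Content-Length") or "").strip()
    declared = int(value) if value.isdigit() else 0
    # A proxy capture may truncate the body, so trust the larger figure.
    if max(declared, len(body)) <= max_body:
        return None
    return {
        "status": status,
        "location": headers.get("Location"),
        "declared_length": declared,
        "captured_bytes": len(body),
        "html_page": b"<html" in body.lower(),
    }

# Constructed sample captures (not taken from a real system).
LEAKY = (b"HTTP/1.1 302 Found\r\n"
         b"Location: https://shop.example/catalogsearch/advanced/\r\n"
         b"Content-Type: text/html; charset=UTF-8\r\n"
         b"Content-Length: 107229\r\n\r\n"
         b"<!DOCTYPE html>\n<html lang=\"de\">[truncated]</html>")
CLEAN = (b"HTTP/1.1 302 Found\r\n"
         b"Location: https://shop.example/catalogsearch/advanced/\r\n"
         b"Content-Length: 0\r\n\r\n")
PAGE = b"HTTP/1.1 200 OK\r\nContent-Length: 107229\r\n\r\n<html></html>"

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY), ("clean", CLEAN), ("page", PAGE)):
        print(name, audit_redirect(raw))
```
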
