Closed Bug 1366460 Opened 7 years ago Closed 7 years ago

full path disclosure and click jacking vulnerability at https://ftp.mozilla.org

Categories

(Websites :: Other, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1316807

People

(Reporter: rohal331, Unassigned)

References

()

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Attachments

(1 file)

I found a subdomain of mozilla.org using an online subdomain finder, and I found a vulnerability.
For full path disclosure:

Step: open the URL and you see the directory listing, and you can travel through the directories.

For clickjacking:

The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. This vulnerability affects the web server.



Impact:
    An attacker can host this domain in another evil site by using an iframe, and if a user fills in the given field it can be directly redirected as logs to the attacker, and after that it redirects to your web server.
    It leads to stealing user information too, and to using that host site as phishing of your site; it's CSRF and clickjacking.


POC

  Here are the steps to reproduce the vulnerability:

  1. Open Notepad and paste the following code:

    <html>
    <head>
    <title>Clickjack test page</title>
    </head>
    <body>
    <p>Website is vulnerable to clickjacking!</p>
    <iframe src="https://ftp.mozilla.org" width="1247" height="800"></iframe>
    </body>
    </html>

  2. Save it as <anyname>.html, e.g. test.html.
  3. Just simply open that.
Flags: sec-bounty?
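The report above only checks for the absence of X-Frame-Options. A defender auditing a site's anti-framing posture also needs to account for the Content-Security-Policy frame-ancestors directive, which supersedes X-Frame-Options in browsers that support both, and should read the result alongside the question the triage reply raises (whether the page has any state worth hijacking). The following checker is an added example written for this page; it is not part of the bug report or of any Mozilla code. It works offline on constructed header sets (the samples are made up, not captured from ftp.mozilla.org) and classifies each into one of four framing policies.

```python
"""Classify a server's framing policy from its HTTP response headers.

Added example for this bug report; not part of the original report or of
any Mozilla code. The header sets in SAMPLES are constructed for the
demonstration, not captured from ftp.mozilla.org.
"""
import re
from typing import Dict, Mapping, Optional


def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def framing_policy(headers: Mapping[str, str]) -> str:
    """Return 'denied', 'same-origin', 'restricted' or 'unrestricted'.

    Content-Security-Policy frame-ancestors takes precedence over
    X-Frame-Options in browsers that support both, so it is evaluated first.
    """
    csp = _header(headers, "Content-Security-Policy") or ""
    match = re.search(r"frame-ancestors\s+([^;]+)", csp, re.IGNORECASE)
    if match:
        sources = match.group(1).strip().lower().split()
        if sources == ["'none'"]:
            return "denied"
        if sources == ["'self'"]:
            return "same-origin"
        return "restricted"  # explicit allow-list of embedding origins

    xfo = (_header(headers, "X-Frame-Options") or "").strip().upper()
    if xfo == "DENY":
        return "denied"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # No anti-framing header at all: any origin may embed the page.
    return "unrestricted"


# Constructed header sets, one per scenario (not real captured responses).
SAMPLES: Dict[str, Dict[str, str]] = {
    "no-headers": {"Content-Type": "text/html"},
    "xfo-only": {"x-frame-options": "sameorigin"},
    "csp-overrides-xfo": {
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "csp-allow-list": {
        "Content-Security-Policy": "frame-ancestors https://example.org https://example.com"
    },
}


def audit(samples: Mapping[str, Mapping[str, str]]) -> Dict[str, str]:
    """Classify every sample; 'unrestricted' is the finding the report describes."""
    return {name: framing_policy(headers) for name, headers in samples.items()}


if __name__ == "__main__":
    for name, policy in audit(SAMPLES).items():
        flag = "  <- embeddable by any origin" if policy == "unrestricted" else ""
        print(f"{name:20s} {policy}{flag}")
```

Running the script prints one line per sample; only "no-headers" is reported as unrestricted, the situation the report describes for a server that sends neither header. Whether an unrestricted result is an actual risk still depends on whether the framed page carries authenticated actions, which is the point the triage reply makes about a public directory listing.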
These are intended to be public sites with directory listings, to make them easy to navigate. And since there is no private data, there's nothing to clickjack.

Thank you for your submission!
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Group: websites-security
Flags: sec-bounty? → sec-bounty-
