Closed
Bug 1366460
Opened 7 years ago
Closed 7 years ago
full path disclosure and click jacking vulnerability at https://ftp.mozilla.org
Categories
(Websites :: Other, defect)
Websites
Other
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1316807
People
(Reporter: rohal331, Unassigned)
References
()
Details
(Whiteboard: [reporter-external] [web-bounty-form] [verif?])
Attachments
(1 file)
I found a subdomain of mozilla.org using an online subdomain finder and I found a vulnerability.

For full path disclosure: open the URL and you see the directory listing, and you can travel the directories.

For clickjacking: The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. This vulnerability affects the web server.

Impact: An attacker can host this domain in another evil site by using an iframe, and if a user fills the given field it can directly redirect as logs to the attacker and after that redirect to your web server. It leads to stealing user information too, and using that host site as phishing of your site. It's CSRF and clickjacking.

POC: Here are the steps to reproduce the vulnerability:
1. Open notepad and paste the following code:
<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="https://ftp.mozilla.org" width="1247" height="800"></iframe>
</body>
</html>
2. Save it as <anyname>.html, e.g. test.html.
3. And just simply open that.
Flags: sec-bounty?
Comment 1•7 years ago
These are intended to be public sites with directory listings, to make them easy to navigate. And since there is no private data, there's nothing to clickjack. Thank you for your submission!
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
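The report above hinges on a missing X-Frame-Options header, and the triage comment turns on whether there is any authenticated or state-changing UI for a hidden click to reach. The following is an added example (not code from the bug report, the reporter, or Mozilla) that puts both points into a small header check: it classifies a response's framing policy from Content-Security-Policy frame-ancestors or X-Frame-Options, then rates clickjacking risk by combining that policy with whether the page exposes user actions. All header values and response names are constructed samples; ftp.mozilla.org is not contacted.

```python
"""Classify framing protection from HTTP response headers and triage
clickjacking risk. Added example; sample headers below are constructed."""
from typing import Dict, List, Optional


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    # HTTP header names are case-insensitive, so compare lower-cased.
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None
    when the directive is absent. Quotes around keyword sources are stripped."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_protection(headers: Dict[str, str]) -> str:
    """Classify who may frame the page: 'blocked', 'same-origin',
    'restricted' (an explicit allow-list) or 'none'.
    A CSP frame-ancestors directive takes precedence over X-Frame-Options,
    matching how current browsers resolve the two."""
    csp = _get(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            if sources == ["none"]:
                return "blocked"
            if sources == ["self"]:
                return "same-origin"
            if "*" in sources:
                return "none"
            return "restricted"
    xfo = _get(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value == "DENY":
            return "blocked"
        if value == "SAMEORIGIN":
            return "same-origin"
        # ALLOW-FROM is obsolete and ignored by current browsers; treat it,
        # and any unknown token, as offering no protection.
        return "none"
    return "none"


def clickjacking_risk(headers: Dict[str, str], has_state_changing_ui: bool) -> str:
    """Triage as in the bug's resolution: a framable page only matters when
    it offers something for a hidden click to trigger."""
    protection = framing_protection(headers)
    if protection in ("blocked", "same-origin"):
        return "mitigated"
    if not has_state_changing_ui:
        return "low"  # public, read-only content such as a directory listing
    return "high"


# Constructed sample responses (not captured from any real server).
SAMPLE_RESPONSES = {
    "no-protection": {"Content-Type": "text/html", "Server": "example"},
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:14s} protection={framing_protection(hdrs):12s} "
              f"risk(read-only)={clickjacking_risk(hdrs, False):10s} "
              f"risk(with forms)={clickjacking_risk(hdrs, True)}")
```

The "csp-wildcard" sample shows why the check reads CSP first: a `frame-ancestors *` directive overrides an X-Frame-Options: DENY on the same response, so a scanner that only looks for the presence of X-Frame-Options would report that page as protected.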
Updated•7 years ago
Group: websites-security
Flags: sec-bounty? → sec-bounty-