Closed Bug 947628 Opened 11 years ago Closed 11 years ago

Cross Site port attack/Server Side request Forgery

Categories

(Cloud Services :: General, defect)

Product:
Cloud Services
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 869146

People

(Reporter: nitingoplani88, Unassigned)

Details

(Whiteboard: [site:blog.mozilla.org][reporter-external])

Attachments

(1 file)

mozilla xmlrpc.jpg
114.10 KB, image/jpeg
Details
Attached image mozilla xmlrpc.jpg 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 (Beta/Release)
Build ID: 20131112160018

Steps to reproduce:

1- Send POST Request to enumerate the allowed methods:

<methodCall>
<methodName>system.listMethods</methodName>
</methodCall>

2- You will find pingback.ping method


Actual results:

It enumerating the methods


Expected results:

It should not be publicly allowed
Group: mozilla-services-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Flags: sec-bounty-
Resolution: --- → DUPLICATE
Whiteboard: [site:blog.mozilla.org][reporter-external]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: