If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

full path disclosure and click jacking vulnerability at https://ftp.mozilla.org

RESOLVED DUPLICATE of bug 1316807

Status

Websites
Other
RESOLVED DUPLICATE of bug 1316807
4 months ago
4 months ago

People

(Reporter: Mohd Aadil, Unassigned)

Tracking

unspecified
Bug Flags:
sec-bounty -

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?], URL)

Attachments

(1 attachment)

(Reporter)

Description

4 months ago
Created attachment 8869685 [details]
as you see, this discloser a full path to a resource. this information could be used in further attack scenarios like LFI or RCE and i allso test this site is also  vulnerable to clickjacking for poc i send you screenshoot have a good day

i found 
subdomain of mozilla.org  using online subdomain finder
 and i found  vulnerability . 
                 
                             for full path disclosure

step - open url and you see the dir list and you trevel dir


 
                                                       for clickjacking 

 The server didn't return an X-Frame-Options header which means that 
this website could be at risk of a clickjacking attack. 
 The X-Frame-Options HTTP response header can be used to indicate 
whether or not a browser should be allowed to render a page in a 
<frame> or <iframe>. 
 Sites can use this to avoid clickjacking attacks, by ensuring that 
their content is not embedded into other sites.
 This vulnerability affects Web Server.



 Impact:
    An attacker can host this domain in other evil site by using iframe 
and if a user fill the given filed it can directly redirect as logs to 
attacker 
    and after its redirect to your web server.. 
    its lead to steal user information too and use that host site as 
phishing of your site its CSRF and Clickjacking


POC

  Here are th steps to reproduce the vulnerability

  1.open notepad and paste the folloing code

 <html>
 <head>
 <title>Clickjack test page</title>
 </head>
 <body>
 <p>Website is vulnerable to clickjacking!</p>
 <iframe src="https://ftp.mozilla.org" width="1247" 
height="800"></iframe>
 </body>
 </html>

 2.save it as <anyname>.html eg test.html
 3.and just simply open that..
Flags: sec-bounty?

Comment 1

4 months ago
These are intended to be public sites with directory listings, to make them easy to navigate. And since there is no private data, there's nothing to clickjack.

Thank you for your submission!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1316807

Updated

4 months ago
Group: websites-security
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.