Information Discloser in https://blog.mozilla.org/
Categories
(Websites :: Other, defect)
Tracking
(Not tracked)
People
(Reporter: dev.ihac, Unassigned)
References
()
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])
Attachments
(1 file)
|
425.46 KB,
application/pdf
|
Details |
CMS stands for ‘Content Management System’. It allows you to control and manage the content within your website without technical training.
Tools=Mozilla Browser
How I found this Bug I visit the site blog.mozilla.org after visit the site I edit the url as by adding the code "/wp-json/wp/v2/users" is the flaw in Wordpress Blogs earlier.
This is REST API endpoints but is not configured properly here on MOzilla Blog.
The URL's are
https://blog.mozilla.org/wp-json/wp/v2/users
https://blog.mozilla.org/wp-json/wp/v2/pages
https://blog.mozilla.org/wp-json/wp/v2/media
https://blog.mozilla.org/wp-json/wp/v2/comments(In reply to dev.ihac from comment #0)
Created attachment 9123160 [details]
I have attached the screnshoot for reference .CMS stands for ‘Content Management System’. It allows you to control and manage the content within your website without technical training.
Tools=Mozilla Browser
How I found this Bug I visit the site blog.mozilla.org after visit the site I edit the url as by adding the code "/wp-json/wp/v2/users" is the flaw in Wordpress Blogs earlier.
This is REST API endpoints but is not configured properly here on MOzilla Blog.
The URL's are
https://blog.mozilla.org/wp-json/wp/v2/users
https://blog.mozilla.org/wp-json/wp/v2/pages
https://blog.mozilla.org/wp-json/wp/v2/media
https://blog.mozilla.org/wp-json/wp/v2/comments
Hi dev.ihac, thanks for the report. This data is public.
|
||
Updated•1 year ago
|
Description
•