Closed Bug 1612039 Opened 5 years ago Closed 5 years ago

A .DS_Store file on g-fox.cn causes information disclosure

Categories

(Mozilla China :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: zhoucheng, Assigned: hyang)

Details

(Keywords: reporter-external)

Attachments

(1 file)

204.19 KB, application/x-zip-compressed
Details
Attached file: Downloaded files

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36

Steps to reproduce:

I found that a .DS_Store file exists on g-fox.cn.
http://g-fox.cn/chinaedition/addons/cpmanager/.DS_Store

Actual results:

Used ds_store_exp.py to parse the .DS_Store file and recursively download the files.
C:\Users\admin\Desktop\ds_store_exp-master>python2 ds_store_exp.py http://g-fox.cn/chinaedition/addons/cpmanager/.DS_Store
[200] http://g-fox.cn/chinaedition/addons/cpmanager/.DS_Store
[200] http://g-fox.cn/chinaedition/addons/cpmanager/update.rdf
[!] [Errno 2] No such file or directory: u'g-fox.cn/chinaedition/addons/cpmanager/update.rdf/.DS_Store'
[200] http://g-fox.cn/chinaedition/addons/cpmanager/cpmanager-1.2.12.xpi

Expected results:

Delete the .DS_Store file.
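
The requests in the report above (a fetch of `.DS_Store`, then of the entries it lists, then a `.DS_Store` path beneath a listed entry) leave a recognisable trail in web server access logs. As an added example that is not part of the bug report, the detector below flags served `.DS_Store` files and clients probing for them in several directories; the combined log format, the sample lines, the function names and the `min_dirs` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Common/combined log format (assumed): ip - - [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from the bug.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /chinaedition/addons/cpmanager/.DS_Store HTTP/1.1" 200 6148 "-" "python-requests"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /chinaedition/addons/cpmanager/update.rdf HTTP/1.1" 200 912 "-" "python-requests"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /chinaedition/addons/cpmanager/update.rdf/.DS_Store HTTP/1.1" 404 162 "-" "python-requests"
203.0.113.9 - - [01/Jan/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:05:03 +0000] "GET /docs/%2EDS_Store HTTP/1.1" 404 162 "-" "Mozilla/5.0"
not a log line
"""


def find_ds_store_requests(log_text):
    """Return (served, probers): served is the set of .DS_Store paths answered
    with 2xx; probers maps client IP -> sorted directories it probed."""
    served, dirs_by_ip = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        ip, _method, target, status = m.groups()
        # Drop the query string and decode %-escapes so /%2EDS_Store is caught too.
        path = unquote(urlsplit(target).path)
        directory, _, name = path.rpartition("/")
        if name.lower() != ".ds_store":
            continue
        dirs_by_ip[ip].add(directory or "/")
        if status.startswith("2"):
            served.add(path)  # the server is actually handing the file out
    return served, {ip: sorted(d) for ip, d in dirs_by_ip.items()}


def recursive_probers(probers, min_dirs=2):
    """Clients that requested .DS_Store in at least min_dirs directories."""
    return sorted(ip for ip, dirs in probers.items() if len(dirs) >= min_dirs)


if __name__ == "__main__":
    served, probers = find_ds_store_requests(SAMPLE_LOG)
    print("served:", sorted(served))
    print("recursive probers:", recursive_probers(probers))
```

Any path in `served` is a file to delete from the web root; blocking dotfiles at the server level keeps a later upload from re-exposing it.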

Assignee: nobody → hyang

The .DS_Store file has been deleted.

Reporter requested a bounty in mail to the security alias. I don't believe the Mozilla China sites are covered (g-fox.cn doesn't appear on the "eligible" list) but flagging for review just in case.

Flags: sec-bounty?

The bounty committee determined that this does not meet the criteria for a bug bounty.

Flags: sec-bounty? → sec-bounty-
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED