Hi,

The blog.mozilla.org is vulnerable to a recent WordPress Pingback Vulnerability that allows a port scan using the Pingback API. You can even scan the server itself or discover some hosts on the external network using the server. It can even be abused to launch a DDoS attack.

I've attached the screenshot of Metasploit Module showing PortScan of scanme.nmap.org using blog.mozilla.org's IP.

References:
http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
http://www.pentestgeek.com/2013/01/03/wordpress-pingback-portscanner-metasploit-module/
http://news.softpedia.com/news/WordPress-Pingback-Vulnerability-Can-be-Abused-for-DDOS-Attacks-315722.shtml

Metasploit Module: https://raw.github.com/zeknox/metasploit-framework/wordpress_pingback_portscanner.rb/modules/auxiliary/scanner/portscan/wordpress_pingpack_portscanner.rb
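A defensive sketch of how the abuse described in this report could be spotted in captured XML-RPC request bodies (an added example, not part of the original bug report or of Mozilla's or WordPress's code). It assumes the standard `pingback.ping(sourceURI, targetURI)` call; the function names, the port allow-list and the sample request are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WEB_PORTS = {80, 443}  # assumption: ports a genuine linking page is served on

def pingback_source(body):
    """Return sourceURI (first parameter, the URL the server is asked to
    fetch) of a pingback.ping XML-RPC call, else None."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None  # never expand entities from untrusted request bodies
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    method = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or method != "pingback.ping":
        return None
    value = root.find("params/param/value")
    if value is None:
        return None
    return (value.findtext("string") or value.text or "").strip() or None

def classify(body):
    """Return why a pingback request looks like a scan probe, or None."""
    src = pingback_source(body)
    if src is None:
        return None
    try:
        parts = urlsplit(src)
        port = parts.port
    except ValueError:
        return "malformed source URI"
    if parts.scheme not in ("http", "https"):
        return "non-http scheme"
    host = "127.0.0.1" if parts.hostname == "localhost" else (parts.hostname or "")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a hostname; resolving it is out of scope here
    if ip is not None and (ip.is_loopback or ip.is_private or ip.is_link_local):
        return "internal source address"
    if port is not None and port not in WEB_PORTS:
        return "non-web port %d" % port
    return None

def sample_call(source):  # constructed request body, not a captured one
    return ("<?xml version='1.0'?><methodCall><methodName>pingback.ping</methodName>"
            "<params><param><value><string>%s</string></value></param><param><value>"
            "<string>http://blog.example/post</string></value></param></params></methodCall>" % source)
```

Many such requests from one client with varying source ports or hosts in a short window is the pattern to alert on; a single hit can be a misconfigured blog.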
Group: mozilla-services-security → websites-security
Component: Web Site → other.mozilla.org
Product: Mozilla Services → Websites
:reed - any chance you can help confirm or deny this one?
OS: Windows 7 → All
Any bounty for this one?
This blog was upgraded to 3.5.1, so it is no longer vulnerable.
Raymond, can you confirm and close this if confirmed?
This has been confirmed as fixed. https://bugzilla.mozilla.org/show_bug.cgi?id=834467&sourceid=Mozilla-search
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Duplicate of this bug: 947628