Closed Bug 869146 Opened 11 years ago Closed 11 years ago

Wordpress Pingback Vulnerability on http://blog.mozilla.org

Categories

(Websites :: other.mozilla.org, defect)

Product:
Websites
Component:
other.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: prakharpd, Unassigned)

References

Details

(Keywords: sec-low, Whiteboard: [site:blog.mozilla.org])

Attachments

(1 file)

Portscan using Metasploit Module
300.81 KB, image/png
Details 
Hi,

The blog.mozilla.org is vulnerable to a recent Wordpress Pingback Vulnerability that allows a port scan using the Pingback API . You can even scan the server itself or discover some hosts on the external network using the server. It can even be abused to launch a DDoS attack.

I've attached the screenshot of Metasploit Module showing PortScan of scanme.nmap.org using blog.mozilla.org's IP.


References :
http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
http://www.pentestgeek.com/2013/01/03/wordpress-pingback-portscanner-metasploit-module/
http://news.softpedia.com/news/WordPress-Pingback-Vulnerability-Can-be-Abused-for-DDOS-Attacks-315722.shtml|


Metasploit Module:


https://raw.github.com/zeknox/metasploit-framework/wordpress_pingback_portscanner.rb/modules/auxiliary/scanner/portscan/wordpress_pingpack_portscanner.rb
Group: mozilla-services-security → websites-security
Component: Web Site → other.mozilla.org
Product: Mozilla Services → Websites

    
    

    
  
:reed - any chance you can help confirm or deny this one?
Flags: needinfo?(reed)
OS: Windows 7 → All
Whiteboard: [site:blog.mozilla.org]
Flags: needinfo?(reed) → sec-review?
Flags: sec-review? → sec-bounty?

    
    

    
  
Any bounty for this one?

    
    

    
  
this blog was upgraded to 3.5.1 so it is no longer vulnerable.
Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  
raymond can you confirm and close this if confirmed?
Flags: needinfo?(rforbes)

    
    

    
  
this has been confirmed as fixed.

https://bugzilla.mozilla.org/show_bug.cgi?id=834467&sourceid=Mozilla-search
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: sec-bounty?
Flags: sec-bounty-
Flags: needinfo?(rforbes)
Keywords: sec-low
Resolution: --- → FIXED

    
  
Group: websites-security

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: