Closed Bug 890444 Opened 11 years ago Closed 11 years ago

XML-RPC Pingback Vulnerability in b.m.o

Categories

(Websites :: other.mozilla.org, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 869146

People

(Reporter: securityexpert, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36

Steps to reproduce:

Hi,
My name is Ehraz Ahmed and I've found a WordPress XML-RPC Pingback vulnerability in https://blog.mozilla.org/mrbkap/

Here is the POC:

Here are the 2 vulnerability POCs found in Mozilla:

https://blog.mozilla.org/mrbkap/xmlrpc.php
http://hacks.mozilla.org/xmlrpc.php

Please reply back fast.
It would be great if I get an acknowledgement and a bounty for reporting this vulnerability.



Actual results:


There are many exploits for XML-RPC on the web. You can use this for remote code execution, port scanning, and more.
You just need to send POST requests.

Please fix this.

To fix this issue, please remove the file immediately.



Expected results:

By interfacing with the API, an attacker can cause the WordPress site to port scan an external target and return results. Using a small Ruby script, we were able to run a port scan on an external target from the affected WordPress server (Metasploit has a module for that, named “WordPress Pingback PortScanner”).
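
The behaviour described in this report can be watched for on the defending side. The following is an added example, not part of the original report or of Mozilla's code: a Python check that parses an XML-RPC request body, as a logging proxy or web application firewall would see it, and flags `pingback.ping` calls whose source URI carries an explicit port or an IP-literal host. The function names, the size cap and the sample body builder are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MAX_BODY = 64 * 1024         # assumed cap; real pingback requests are tiny
WEB_PORTS = {None, 80, 443}  # None: the URL carries no explicit port

def pingback_source(body: bytes):
    """Return the source URI of a pingback.ping call, or None for anything else."""
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None  # oversized or DTD-bearing bodies are not parsed here
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    name = (root.findtext("methodName") or "").strip()
    first = root.find("params/param/value")
    if root.tag != "methodCall" or name != "pingback.ping" or first is None:
        return None
    # XML-RPC allows <value><string>x</string></value> or a bare <value>x</value>
    return (first.findtext("string") or first.text or "").strip() or None

def review(body: bytes):
    """Reasons a pingback source URI looks like a probe rather than a blog link."""
    src = pingback_source(body)
    if src is None:
        return []
    try:
        url = urlsplit(src)
        port = url.port
    except ValueError:
        return ["unparseable source URI"]
    reasons = []
    if url.scheme not in ("http", "https"):
        reasons.append("non-HTTP scheme")
    if port not in WEB_PORTS:
        reasons.append(f"explicit port {port}")
    try:
        ip = ipaddress.ip_address(url.hostname or "")
        reasons.append("IP-literal host")
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            reasons.append("internal address")
    except ValueError:
        pass  # a DNS name; it is not resolved here
    return reasons

def sample(source: str) -> bytes:
    """Constructed pingback.ping body for a source URI (not captured traffic)."""
    urls = (source, "https://blog.example.org/post")
    params = "".join(f"<param><value><string>{u}</string></value></param>" for u in urls)
    return f"<methodCall><methodName>pingback.ping</methodName><params>{params}</params></methodCall>".encode()
```

A request that `review` flags is a candidate for blocking or alerting; an empty list means the call looks like an ordinary blog-to-blog pingback or is not a pingback at all.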
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Group: mozilla-services-security → websites-security
Component: General → other.mozilla.org
Product: Mozilla Services → Websites
Flags: sec-bounty-
Summary: Reporting a Critical Vulnerability in Mozilla → XMS-RPC Pingback Vulnerability in b.m.o
Group: websites-security
Summary: XMS-RPC Pingback Vulnerability in b.m.o → XML-RPC Pingback Vulnerability in b.m.o