Closed Bug 944964 Opened 11 years ago Closed 11 years ago

i have found the login credentials for dromaeo.com..

Categories

(Websites :: Other, defect)

Product:
Websites
Component:
Other
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: divakar.divakar.k, Unassigned)

Details

Attachments

(1 file)

credentials.png
43.17 KB, image/png
Details
Attached image credentials.png
proof of concept 1.i have attached the screenshot in which i got the login credentials for dromaeo.com-->one of your sub domain 2.using this one can login to their sql database and change everything in that particular database... 3.here is the link where i got this bug... http://src.chromium.org/svn/trunk/src/chrome/test/data/dromaeo/store.php
While mysql.dromaeo.com is Internet-accessible (guessing this is on purpose so browser vendors can post test results to it), that username/password combo doesn't work directly (likely using IP ACLs). $ mysql -u dromaeo -pdromaeo -h mysql.dromaeo.com -D dromaeo Enter password: ERROR 1045 (28000): Access denied for user 'dromaeo'@'<my hostname>' (using password: YES) cc'ing jresig
Group: mozilla-services-security → websites-security
Component: Web Site → Other
Product: Mozilla Services → Websites
kk
Do we need to keep this bug? If so who should it be assigned to?
Flags: needinfo?(reed)
Just going to close this out as invalid... This seems on purpose. Opening bug up.
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Flags: needinfo?(reed)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: