Closed Bug 947628 Opened 11 years ago Closed 11 years ago

Cross Site port attack/Server Side request Forgery

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 869146

People

(Reporter: nitingoplani88, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [site:blog.mozilla.org][reporter-external])

Attachments

(1 file)

mozilla xmlrpc.jpg 11 years ago nitingoplani88 114.10 KB, image/jpeg		Details

nitingoplani88

Reporter

Description

•

11 years ago

Attached image mozilla xmlrpc.jpg — Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 (Beta/Release) Build ID: 20131112160018 Steps to reproduce: 1- Send POST Request to enumerate the allowed methods: <methodCall> <methodName>system.listMethods</methodName> </methodCall> 2- You will find pingback.ping method Actual results: It enumerating the methods Expected results: It should not be publicly allowed

Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]

Updated

•

11 years ago

Group: mozilla-services-security

Status: UNCONFIRMED → RESOLVED

Closed: 11 years ago

Flags: sec-bounty-

Resolution: --- → DUPLICATE

Whiteboard: [site:blog.mozilla.org][reporter-external]

David Lawrence [:dkl]

Updated

•

1 year ago

Keywords: reporter-external

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Cross Site port attack/Server Side request Forgery

Categories

(Cloud Services :: General, defect)

Tracking

(Not tracked)

People

(Reporter: nitingoplani88, Unassigned)

References

Details

(Keywords: reporter-external, Whiteboard: [site:blog.mozilla.org][reporter-external])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Updated

Attachment

General

Description

File Name

Content Type