Cross Site port attack/Server Side request Forgery

RESOLVED DUPLICATE of bug 869146

People

(Reporter: nitingoplani88, Unassigned)

Details

(Whiteboard: [site:blog.mozilla.org][reporter-external])

(Reporter)

Description

5 years ago
Created attachment 8344217 [details]
mozilla xmlrpc.jpg

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 (Beta/Release)
Build ID: 20131112160018

Steps to reproduce:

1- Send POST Request to enumerate the allowed methods:

<methodCall>
<methodName>system.listMethods</methodName>
</methodCall>

2- You will find the pingback.ping method


Actual results:

It is enumerating the methods


Expected results:

It should not be publicly allowed
Group: mozilla-services-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Flags: sec-bounty-
Resolution: --- → DUPLICATE
Whiteboard: [site:blog.mozilla.org][reporter-external]
Duplicate of bug: 869146
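
Added example (not part of the original report and not Mozilla's code): for an operator auditing an XML-RPC endpoint they run, this parses the body returned by the system.listMethods call shown in the report and says whether pingback.ping is advertised or whether the server refused with a fault. The function name, the result keys and both sample responses are constructed for illustration.

```python
import xmlrpc.client

# Method the report singles out as one that should not be publicly reachable.
RISKY_METHODS = {"pingback.ping"}

# Constructed sample responses (not captured from any real server).
SAMPLE_EXPOSED = """<?xml version="1.0"?>
<methodResponse><params><param><value><array><data>
<value><string>system.listMethods</string></value>
<value><string>pingback.ping</string></value>
<value><string>demo.sayHello</string></value>
</data></array></value></param></params></methodResponse>"""

SAMPLE_FAULT = """<?xml version="1.0"?>
<methodResponse><fault><value><struct>
<member><name>faultCode</name><value><int>405</int></value></member>
<member><name>faultString</name><value><string>XML-RPC services are disabled.</string></value></member>
</struct></value></fault></methodResponse>"""


def audit_list_methods(body: str) -> dict:
    """Classify a system.listMethods response body from an endpoint you operate."""
    # Refuse DTDs so a hostile response cannot trigger entity expansion in the parser.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return {"status": "rejected", "exposed": []}
    try:
        params, _ = xmlrpc.client.loads(body)
    except xmlrpc.client.Fault as fault:
        # The server answered with a fault, so method enumeration was refused.
        return {"status": "fault", "code": fault.faultCode, "exposed": []}
    except Exception:
        return {"status": "unparseable", "exposed": []}
    methods = params[0] if params and isinstance(params[0], list) else []
    exposed = sorted(RISKY_METHODS.intersection(m for m in methods if isinstance(m, str)))
    return {"status": "listed", "method_count": len(methods), "exposed": exposed}


if __name__ == "__main__":
    for name, body in (("exposed", SAMPLE_EXPOSED), ("fault", SAMPLE_FAULT)):
        print(name, audit_list_methods(body))
```

A "listed" status with a non-empty "exposed" list is the condition the report describes; a "fault" status means the endpoint no longer answers the enumeration request.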