OpenSocial / explorer

Tool to learn how to develop OpenSocial gadgets. #social
Apache License 2.0
34 stars 59 forks

full path disclosure in http://opensocial.org/wp-includes/ #98

Closed karthickumar42 closed 9 years ago

karthickumar42 commented 9 years ago

Issue 1:

  1. Go to http://opensocial.org/wp-includes/ in the Google Chrome browser.
  2. The full path is disclosed in the browser.

Solution: need to display "access denied" in the browser.

Issue 2:

The admin path is displayed in the browser.

  1. Go to http://opensocial.org/wp-login.php?redirect_to=http%3A%2F%2Fopensocial.org%2Fwp-admin%2F&reauth=1 in the Google Chrome browser.
  2. The admin path is displayed in the browser.
  3. Admin username: opensocial

No rate limiting in the admin panel.

A brute-force attack is possible.

Can I get a bug bounty reward to my PayPal email address: karthic.6030@gmail.com?

full path disclosure
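The two findings in the report above (a directory listing under `/wp-includes/` and an absolute server path showing up in a response) are the kind of thing a scanner can flag mechanically. The script below is an added example, not code from this repository or from opensocial.org; it runs over constructed sample responses embedded in the file, not captured traffic, and the paths, filenames and PHP error text in those samples are assumptions made up for illustration. It classifies each response body as a directory listing, a path disclosure, both, or neither, and maps each finding to the usual server-side fix.

```python
import re
from typing import Dict, List

# Constructed sample responses keyed by request path. These are NOT
# captured from opensocial.org; the paths and error text are invented.
SAMPLES: Dict[str, str] = {
    "/wp-includes/": (
        "<html><head><title>Index of /wp-includes</title></head>"
        "<body><h1>Index of /wp-includes</h1>"
        "<ul><li><a href=\"class-wp.php\">class-wp.php</a></li></ul>"
        "</body></html>"
    ),
    "/wp-includes/class-wp.php": (
        "<br />\n<b>Fatal error</b>:  Call to undefined function add_action() in "
        "<b>/var/www/html/wp-includes/class-wp.php</b> on line <b>12</b><br />"
    ),
    "/": "<html><body><p>Welcome</p></body></html>",
}

# Apache/nginx autoindex pages all carry an "Index of /..." title.
DIR_LISTING = re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE)

# Absolute filesystem paths that should never reach a client: common Unix
# web roots, or a Windows drive-letter path.
ABS_PATH = re.compile(r"(?:/(?:var|home|usr|srv|opt)/[\w./-]+|[A-Z]:\\[\w\\.-]+)")

# Remediation hints, keyed by finding label (assumed generic advice, not
# taken from the issue thread).
FIXES = {
    "directory-listing": "disable autoindex (Apache: Options -Indexes; nginx: autoindex off)",
    "path-disclosure": "set display_errors=Off and log errors server-side instead",
}


def classify(body: str) -> List[str]:
    """Return the list of disclosure findings present in one response body."""
    findings: List[str] = []
    if DIR_LISTING.search(body):
        findings.append("directory-listing")
    if ABS_PATH.search(body):
        findings.append("path-disclosure")
    return findings


def scan(responses: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every response; only paths with at least one finding are kept."""
    report: Dict[str, List[str]] = {}
    for path, body in responses.items():
        found = classify(body)
        if found:
            report[path] = found
    return report


if __name__ == "__main__":
    for path, found in scan(SAMPLES).items():
        for label in found:
            print(f"{path}: {label} -> {FIXES[label]}")
```

In a real engagement the `SAMPLES` dict would be replaced by responses fetched with the tester's HTTP client of choice; the classification logic is unchanged. Note that `ABS_PATH` is deliberately narrow (only common web-root prefixes) to keep false positives down on pages that legitimately mention paths such as `/wp-admin/`.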

ryanjbaxter commented 9 years ago

This is not the right place to report this. The opensocial.org site has nothing to do with the OpenSocial Explorer project. You should send an email to officers@opensocial.org and report these issues.