
This queue is for tickets about the WWW-Nike-NikePlus CPAN distribution.

Report information
The Basics
Id: 120274
Status: rejected
Priority: 0/
Queue: WWW-Nike-NikePlus

People
Owner: Nobody in particular
Requestors: sanitofficial [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Directory listening at niketeam.nike.com
Date: Thu, 16 Feb 2017 20:35:01 +0530
To: bug-WWW-Nike-NikePlus [...] rt.cpan.org
From: Sanit Bhiwani <sanitofficial [...] gmail.com>
Vulnerability name: Directory traversal in Spring framework

Vulnerability Description: A directory traversal vulnerability that can lead to an attacker to obtain any file on the file system that was also accessible to process in which the Spring web application was running.

Vulnerable URL:
https://niketeam.nike.com/niketeamsports/content/
https://niketeam.nike.com/niketeamsports/

HOW To Reproduce this vulnerability:
1-> visit these URLs
https://niketeam.nike.com/niketeamsports/content/
https://niketeam.nike.com/niketeamsports/
2-> it's containing list of directory files on that location

POC: screenshot enclosed in attachment
Attachments: 1.png (image/png, 68.2k), 2.png (image/png, 87.7k)

This isn't a vulnerability in the Perl module, but should be reported via responsible disclosure to Nike directly.
Subject: Re: [rt.cpan.org #120274] Directory listening at niketeam.nike.com
Date: Thu, 16 Feb 2017 20:49:15 +0530
To: bug-WWW-Nike-NikePlus [...] rt.cpan.org
From: Sanit Bhiwani <sanitofficial [...] gmail.com>
can you please give me the email where i can report?

On 16 February 2017 at 20:43, Alex Lomas via RT <bug-WWW-Nike-NikePlus@rt.cpan.org> wrote:
> <URL: https://rt.cpan.org/Ticket/Display.html?id=120274 >
>
> This isn't a vulnerability in the Perl module, but should be reported via
> responsible disclosure to Nike directly.
> can you please give me the email where i can report?
You've contacted a private individual not Nike corporate IT; you'll need to speak to them directly.