User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Steps to reproduce:
Bascilly, by going to http://viewvc.svn.mozilla.org/vc/projects/ you can view the source code of every website and project of mozilla. Not sure if this is supposed to be like this , or this is a major information disclosure vulnerability?
Actual results:
Went to http://viewvc.svn.mozilla.org/vc/projects/ and i can see all source code of all projects. No access controls at all.
Expected results:
Don’t know, maybe ask for email&password combination
Holy shit, Mozilla is open source. And mostly everything is available without any access control.
We’re all going to die!