[openssl-dev] [openssl.org #3943] Vulnerability Report
Mahender Singh via RT
rt at openssl.org
Tue Jul 14 18:05:17 UTC 2015
Dear Sir / Madam,
This is *Mahender Singh*, *Security Researcher* from *India*.
I have found a bug that I would like to share with your security team. This
bug is related to server file disclosure. I have explained it in depth as follows:
*Vulnerability*: GIT Config
*Vulnerable link*: www.openssl.org
*Payload* = .git/config
*Then final URL* = http://www.openssl.org/.git/config
I have attached a POC as follows.
*Reference URLs*
http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx
https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
https://www.owasp.org/index.php/Top_10_2013-A5
I have given enough details of the vulnerability. If you need anything else, you
can contact me at my mail id mahendersingh2706 at gmail.com
<hackdeep2015 at gmail.com>
Hope you will patch this as soon as possible.
Thank you
Regards,
*Mahender Singh*
*Cyber Security Researcher*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: git_config.png
Type: image/png
Size: 28255 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150714/0f0e4494/attachment-0001.png>