[openssl-dev] [openssl.org #3943] Vulnerability Report

Richard Levitte via RT rt at openssl.org
Tue Jul 14 19:10:58 UTC 2015


Problem fixed.

Thanks.

On Tue, 14 Jul 2015 at 18.05.17, mahendersingh2706 at gmail.com wrote:
> Dear Sir / Madam ,
>
>
> This is *Mahender Singh* *Security Researcher* from *India*,
> I have found a bug that I would like to share with your security team,
> this bug is related to server file disclosure, I have explained it deeply
> as follows,
>
> *Vulnerability* : GIT Config
>
> *Vulnerable link*: www.openssl.org
>
> *Payload* = .git/config
>
> *Then final URL* = http://www.openssl.org/.git/config
>
>
> I have attached a POC as follows
>
>
> *Refer URL*
>
> http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx
>
> https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
>
> https://www.owasp.org/index.php/Top_10_2013-A5
>
>
> I have given enough details of the vulnerability; if you need anything
> else you can contact me at my mail id mahendersingh2706 at gmail
> <hackdeep2015 at gmail.com>.com
>
> Hope you will patch this as soon as.
>
> Thank You
>
> Regarding
> *Mahender Singh*
> *Cyber Security Researcher*


--
Richard Levitte
levitte at openssl.org
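
A defender-side check for the exposure reported above, as an added example that is not part of the original thread or OpenSSL's own tooling: it walks a web document root on disk for `.git/config` files the server could serve, and shows which remote URLs (and any password embedded in them) such a file would disclose. The function names, sample config, token and host name are constructed for illustration.

```python
import os
import re
import tempfile

SECTION = re.compile(r'^\[(\w+)(?:\s+"([^"]*)")?\]$')   # [core] or [remote "origin"]
PASSWORD_IN_URL = re.compile(r'^[a-z][a-z0-9+.-]*://[^/@\s:]+:[^/@\s]+@', re.I)

def find_served_git_configs(docroot):
    """Return site-relative URL paths of every .git/config found under docroot."""
    hits = []
    for dirpath, dirnames, _ in os.walk(docroot):
        if ".git" in dirnames:
            cfg = os.path.join(dirpath, ".git", "config")
            if os.path.isfile(cfg):
                rel = os.path.relpath(cfg, docroot).replace(os.sep, "/")
                hits.append("/" + rel)
            dirnames.remove(".git")  # do not descend into the repository itself
    return sorted(hits)

def remotes_in_config(text):
    """Map remote name -> (url, url_contains_password) from git config text."""
    remotes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(2) if m.group(1).lower() == "remote" else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "url":
                remotes[current] = (value, bool(PASSWORD_IN_URL.match(value)))
    return remotes

# Constructed sample: a .git/config as a misconfigured web server would return it.
SAMPLE_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy:EXAMPLE-TOKEN@git.example.invalid/site.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:   # stand-in for the real document root
        os.makedirs(os.path.join(root, ".git"))
        with open(os.path.join(root, ".git", "config"), "w") as fh:
            fh.write(SAMPLE_CONFIG)
        print(find_served_git_configs(root))
        print(remotes_in_config(SAMPLE_CONFIG))
```

Any path the first function returns should either be moved out of the document root or blocked in the web server configuration, and any password the second function flags should be rotated.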


