[openssl-dev] [openssl.org #3943] Vulnerability Report

Mahender Singh via RT rt at openssl.org
Thu Jul 16 14:02:29 UTC 2015


Dear Sir,

I can see on HackerOne that your company rewards some bounty, maximum 2500$.
My reported bug was fixed; can you tell me whether I got a reward or not?

Thank you
Regards
Mahender Singh

On Wed, Jul 15, 2015 at 12:51 AM, Mahender Singh <
mahendersingh2706 at gmail.com> wrote:

> Dear Sir
>
> Glad for your quick and fast response and implementation. I have heard
> about your bounty program over HackerOne. As I did ethical work, I am hoping
> for some bounty in good faith from your end.
>
> Thank you
> Regards
> Mahender Singh
>
> On Wed, Jul 15, 2015 at 12:40 AM, Richard Levitte via RT <rt at openssl.org>
> wrote:
>
>> Problem fixed.
>>
>> Thanks.
>>
>> On Tue, 14 Jul 2015 at 18.05.17, mahendersingh2706 at gmail.com wrote:
>> > Dear Sir / Madam ,
>> >
>> >
>> > This is *Mahender Singh*, *Security Researcher* from *India*.
>> > I have found a bug that I would like to share with your security team.
>> > This bug is related to server file disclosure; I have explained it in
>> > detail as follows:
>> >
>> > *Vulnerability*: GIT Config
>> >
>> > *Vulnerable link*: www.openssl.org
>> >
>> > *Payload* = .git/config
>> >
>> > *then final url* = http://www.openssl.org/.git/config
>> >
>> >
>> > I have attached a POC as follows
>> >
>> >
>> > *Refer URL*
>> >
>> > http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx
>> >
>> > https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
>> >
>> > https://www.owasp.org/index.php/Top_10_2013-A5
>> >
>> >
>> > I have given enough details of the vulnerability. If you need anything else
>> > you can contact me at my mail id mahendersingh2706 at gmail
>> > <hackdeep2015 at gmail.com>.com
>> >
>> > Hope you will patch this as soon as.
>> >
>> > Thank You
>> >
>> > Regards
>> > *Mahender Singh*
>> > *Cyber Security Researcher*
>>
>>
>> --
>> Richard Levitte
>> levitte at openssl.org
>>
>>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl1.png
Type: image/png
Size: 517222 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150716/3774b9ea/attachment-0001.png>
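
The report in this thread concerns a `.git/config` file reachable under a web server's document root. As an added example (not part of the original thread and not OpenSSL's own code), the following pre-deployment check lists every `.git` directory below a document root and shows what its `config` would disclose; the function names, the sample config and the host `git.example.invalid` are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sample of a .git/config; host and credentials are made up.
SAMPLE_CONFIG = """[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy:s3cret@git.example.invalid/site.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""

def find_git_dirs(docroot):
    """Return the URL path of every .git directory below docroot."""
    hits = []
    for dirpath, dirnames, _files in os.walk(docroot):
        if ".git" in dirnames:
            rel = os.path.relpath(os.path.join(dirpath, ".git"), docroot)
            hits.append("/" + rel.replace(os.sep, "/") + "/")
            dirnames.remove(".git")  # do not descend into the metadata itself
    return sorted(hits)

def remote_urls(config_text):
    """Return (section, remote host, has_embedded_password) for each remote url."""
    found, section = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, _, value = line.partition("=")
        if section and section.startswith("remote ") and key.strip() == "url":
            parts = urlsplit(value.strip())
            found.append((section, parts.hostname, parts.password is not None))
    return found

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed document root
        os.makedirs(os.path.join(root, ".git"))
        with open(os.path.join(root, ".git", "config"), "w") as fh:
            fh.write(SAMPLE_CONFIG)
        for path in find_git_dirs(root):
            print("repository metadata under docroot:", path)
            with open(os.path.join(root, path.strip("/"), "config")) as fh:
                print(remote_urls(fh.read()))
```

Any path the check reports should be removed from the deployed tree or denied in the web server configuration before the site goes live.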

