Dear Sir / Madam ,
This is* Mahender Singh* *Security Researcher* from *India*,
i have found bug that i would like to share with your security team, this
bug is related server file discloser, i have explain deeply as follows,
*Vulnerability* : GIT Config
*Vulnerable link *: www.openssl.org
*Payload =* .git/config
*then final url *= http://www.openssl.org/.git/config
I have Attached POC as follow
*Refer URL*
http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx
https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/
https://www.owasp.org/index.php/Top_10_2013-A5
I have given enough details of Vulnerability if you need anything else you
can contact me at my mail id mahendersingh2706@gmail
<hackdeep2...@gmail.com>.com
Hope you will patch this as soon as.
Thank You
Regarding
*Mahender Singh*
*Cyber Security Researcher*
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev