[openssl-dev] [openssl.org #3943] Vulnerability Report

Mahender Singh via RT Tue, 14 Jul 2015 11:06:09 -0700

Dear Sir / Madam ,


                This is* Mahender Singh* *Security Researcher* from *India*,
i have found bug that i would like to share with your security team, this
bug is related server file discloser, i  have explain deeply as follows,

*Vulnerability* : GIT Config

*Vulnerable link *: www.openssl.org

*Payload =* .git/config

*then final url *= http://www.openssl.org/.git/config


I have Attached POC as follow


*Refer URL*

http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability-with-git-config.aspx

https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/

https://www.owasp.org/index.php/Top_10_2013-A5


I have given enough details of Vulnerability if you need anything else you
can contact me at my mail id mahendersingh2706@gmail
<hackdeep2...@gmail.com>.com

Hope you will patch this as soon as.

Thank You

Regarding
*Mahender Singh*
*Cyber Security Researcher*

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #3943] Vulnerability Report

Reply via email to