Dear Sir Glad for your quick and fast response and implementation. I have heard about your bounty program over Hackerone. As I did ethical work I am hoping some bounty in good faith from your end.
Thank you Regarding Mahender Singh On Wed, Jul 15, 2015 at 12:40 AM, Richard Levitte via RT <[email protected]> wrote: > Problem fixed. > > Thanks. > > Vid Tue, 14 Jul 2015 kl. 18.05.17, skrev [email protected]: > > Dear Sir / Madam , > > > > > > This is* Mahender Singh* *Security Researcher* from *India*, > > i have found bug that i would like to share with your security team, > > this > > bug is related server file discloser, i have explain deeply as > > follows, > > > > *Vulnerability* : GIT Config > > > > *Vulnerable link *: www.openssl.org > > > > *Payload =* .git/config > > > > *then final url *= http://www.openssl.org/.git/config > > > > > > I have Attached POC as follow > > > > > > *Refer URL* > > > > http://blogs.msdn.com/b/bharry/archive/2014/12/18/git-vulnerability- > > with-git-config.aspx > > > > https://blog.netspi.com/dumping-git-data-from-misconfigured-web- > > servers/ > > > > https://www.owasp.org/index.php/Top_10_2013-A5 > > > > > > I have given enough details of Vulnerability if you need anything else > > you > > can contact me at my mail id mahendersingh2706@gmail > > <[email protected]>.com > > > > Hope you will patch this as soon as. > > > > Thank You > > > > Regarding > > *Mahender Singh* > > *Cyber Security Researcher* > > > -- > Richard Levitte > [email protected] > > _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
