Ha if you want to get a payout for exploit hunting, work for a security firm. Nobody else ever pays for exploit unless they are a 0 days. On Jun 24, 2013 9:25 PM, "Andrew Lewman" <[email protected]> wrote:
> On Mon, 24 Jun 2013 23:57:01 +0500 > Ali Hasan Ghauri <[email protected]> wrote: > > > It is Directory Listing (Apache) . An attacker can see the files > > located in the directory and could potentially access files which > > disclose sensitive information . > > This is by design. The smarter attacker would just download the website > source in svn, https://svn.torproject.org/svn/website/trunk/. Like any > smart company, we have no sensitive files on our websites. > > > Many websites pay bug bounty to researcher who report the bug yo > > them . Can you ? > > Thanks for the hint, but as these aren't bugs, nothing to report here. > > In the future, please don't cross lists. Pick one and stick with it. > Thanks. > > -- > Andrew > http://tpo.is/contact > pgp 0x6B4D6475 > _______________________________________________ > tor-talk mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
