[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Directory Listing (Apache) Bug Found on torproject.org



Ha if you want to get a payout for exploit hunting, work for a security
firm. Nobody else ever pays for exploit unless they are a 0 days.
On Jun 24, 2013 9:25 PM, "Andrew Lewman" <andrew@xxxxxxxxxxxxx> wrote:

> On Mon, 24 Jun 2013 23:57:01 +0500
> Ali Hasan Ghauri <alihasanghauri@xxxxxxxxxxx> wrote:
>
> > It is Directory Listing (Apache) . An attacker can see the files
> > located in the directory and could potentially access files which
> > disclose sensitive information .
>
> This is by design. The smarter attacker would just download the website
> source in svn, https://svn.torproject.org/svn/website/trunk/.  Like any
> smart company, we have no sensitive files on our websites.
>
> > Many websites pay bug bounty to researcher who report the bug yo
> > them . Can you ?
>
> Thanks for the hint, but as these aren't bugs, nothing to report here.
>
> In the future, please don't cross lists. Pick one and stick with it.
> Thanks.
>
> --
> Andrew
> http://tpo.is/contact
> pgp 0x6B4D6475
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk