[tor-talk] Directory Listing (Apache) Bug Found on torproject.org
Andrew Lewman
andrew at torproject.is
Tue Jun 25 01:20:04 UTC 2013
On Mon, 24 Jun 2013 23:57:01 +0500
Ali Hasan Ghauri <alihasanghauri at hotmail.com> wrote:
> It is Directory Listing (Apache) . An attacker can see the files
> located in the directory and could potentially access files which
> disclose sensitive information .
This is by design. The smarter attacker would just download the website
source in svn, https://svn.torproject.org/svn/website/trunk/. Like any
smart company, we have no sensitive files on our websites.
> Many websites pay bug bounty to researcher who report the bug yo
> them . Can you ?
Thanks for the hint, but as these aren't bugs, nothing to report here.
In the future, please don't cross lists. Pick one and stick with it.
Thanks.
--
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
More information about the tor-talk
mailing list