Ocean West Posted December 7, 2020 Share Posted December 7, 2020 Why is this site saying my install has a vulnerability? Link to comment Share on other sites More sharing options...
Nathan Explosion Posted December 7, 2020 Share Posted December 7, 2020 (edited) How are you being told - are you testing against a site which checks for vulnerabilities or have you received an email? Edited December 7, 2020 by Nathan Explosion Link to comment Share on other sites More sharing options...
bfarber Posted December 7, 2020 Share Posted December 7, 2020 Which site is "this site"? AFAIK we don't list any vulnerabilities here for any site. Link to comment Share on other sites More sharing options...
Nathan Explosion Posted December 7, 2020 Share Posted December 7, 2020 32 minutes ago, bfarber said: Which site is "this site"? "Open Bug Bounty" is what I have assumed is this -> https://www.openbugbounty.org/ Link to comment Share on other sites More sharing options...
AlexWebsites Posted December 7, 2020 Share Posted December 7, 2020 8 minutes ago, Nathan Explosion said: "Open Bug Bounty" is what I have assumed is this -> https://www.openbugbounty.org/ I got an email from them as well about one of my IPS installations. Something was reported by: https://www.openbugbounty.org/researchers/Cyber_India/ Security Researcher Cyber_India, a holder of 5 badges for responsible and coordinated disclosure, found a Improper Access Control security vulnerability Link to comment Share on other sites More sharing options...
bfarber Posted December 8, 2020 Share Posted December 8, 2020 🤷♂️ you'd probably need to ask them what they're referring to. Link to comment Share on other sites More sharing options...
The Old Man Posted December 8, 2020 Share Posted December 8, 2020 Who knows... Perhaps if you're lucky they'll also have a relative who is an exiled Nigerian Prince who direly needs to borrow just $10 to unlock his inheritance of millions and he'll pinky promise to give you a share. IP-Gamers 1 Link to comment Share on other sites More sharing options...
Kjell Iver Johansen Posted August 2 Share Posted August 2 On 12/7/2020 at 5:05 PM, AlexWebsites said: I got an email from them as well about one of my IPS installations. Something was reported Did you evner get an answer from them about this? Got same email today - I’m on latest version… Link to comment Share on other sites More sharing options...
Marc Posted August 2 Share Posted August 2 58 minutes ago, Kjell Iver Johansen said: Did you evner get an answer from them about this? Got same email today - I’m on latest version… You are responding to something over 4 years old there, but the same answer would apply. You would need to ask for specifics on what they are referring to Link to comment Share on other sites More sharing options...
Randy Calvert Posted August 2 Share Posted August 2 It’s most likely a sales pitch. “Contact me right away to protect your users.” This rings right up there with “Contact us about your car’s extended warranty.” They want you to offer them a reward for scanning and pentesting your site. Link to comment Share on other sites More sharing options...
AlexWebsites Posted August 9 Share Posted August 9 I did not but got an email as well, today. Link to comment Share on other sites More sharing options...
Marc Posted August 9 Share Posted August 9 5 hours ago, AlexWebsites said: I did not but got an email as well, today. The answer would be the same as the 2 above. You would need more information from Link to comment Share on other sites More sharing options...
Kjell Iver Johansen Posted September 11 Share Posted September 11 On 8/2/2024 at 9:53 AM, Marc said: You are responding to something over 4 years old there, but the same answer would apply. You would need to ask for specifics on what they are referring to Just got a Mail from them and on my site it was php info.php that was public. I have deleted it now. Not that dangerous but anyway… This information includes the PHP version, server details, loaded extensions, environment variables, and more. An attacker can use this data to identify weaknesses in the server configuration and potentially craft specific attacks against the server. Marc 1 Link to comment Share on other sites More sharing options...
Randy Calvert Posted September 11 Share Posted September 11 If that is the best they got…. Sheesh. Absolutely not worth engaging over. teraßyte and G17 Media 1 1 Link to comment Share on other sites More sharing options...
Recommended Posts