Ocean West Posted December 7, 2020 Posted December 7, 2020 Why is this site saying my install has a vulnerability?
Nathan Explosion Posted December 7, 2020 Posted December 7, 2020 (edited) How are you being told - are you testing against a site which checks for vulnerabilities or have you received an email? Edited December 7, 2020 by Nathan Explosion
bfarber Posted December 7, 2020 Posted December 7, 2020 Which site is "this site"? AFAIK we don't list any vulnerabilities here for any site.
Nathan Explosion Posted December 7, 2020 Posted December 7, 2020 32 minutes ago, bfarber said: Which site is "this site"? "Open Bug Bounty" is what I have assumed is this -> https://www.openbugbounty.org/
AlexWebsites Posted December 7, 2020 Posted December 7, 2020 8 minutes ago, Nathan Explosion said: "Open Bug Bounty" is what I have assumed is this -> https://www.openbugbounty.org/ I got an email from them as well about one of my IPS installations. Something was reported by: https://www.openbugbounty.org/researchers/Cyber_India/ Security Researcher Cyber_India, a holder of 5 badges for responsible and coordinated disclosure, found a Improper Access Control security vulnerability
bfarber Posted December 8, 2020 Posted December 8, 2020 🤷♂️ you'd probably need to ask them what they're referring to.
The Old Man Posted December 8, 2020 Posted December 8, 2020 Who knows... Perhaps if you're lucky they'll also have a relative who is an exiled Nigerian Prince who direly needs to borrow just $10 to unlock his inheritance of millions and he'll pinky promise to give you a share. IP-Gamers 1
Kjell Iver Johansen Posted August 2 Posted August 2 On 12/7/2020 at 5:05 PM, AlexWebsites said: I got an email from them as well about one of my IPS installations. Something was reported Did you evner get an answer from them about this? Got same email today - I’m on latest version…
Marc Posted August 2 Posted August 2 58 minutes ago, Kjell Iver Johansen said: Did you evner get an answer from them about this? Got same email today - I’m on latest version… You are responding to something over 4 years old there, but the same answer would apply. You would need to ask for specifics on what they are referring to
Randy Calvert Posted August 2 Posted August 2 It’s most likely a sales pitch. “Contact me right away to protect your users.” This rings right up there with “Contact us about your car’s extended warranty.” They want you to offer them a reward for scanning and pentesting your site.
Marc Posted August 9 Posted August 9 5 hours ago, AlexWebsites said: I did not but got an email as well, today. The answer would be the same as the 2 above. You would need more information from
Kjell Iver Johansen Posted September 11 Posted September 11 On 8/2/2024 at 9:53 AM, Marc said: You are responding to something over 4 years old there, but the same answer would apply. You would need to ask for specifics on what they are referring to Just got a Mail from them and on my site it was php info.php that was public. I have deleted it now. Not that dangerous but anyway… This information includes the PHP version, server details, loaded extensions, environment variables, and more. An attacker can use this data to identify weaknesses in the server configuration and potentially craft specific attacks against the server. Marc 1
Randy Calvert Posted September 11 Posted September 11 If that is the best they got…. Sheesh. Absolutely not worth engaging over. G17 Media and teraßyte 1 1
Recommended Posts