vulnerability report

SUDHANSHU RAUT sudhanshuraut1 at gmail.com
Wed Oct 11 16:19:30 EDT 2017


# vulnerability name :-    htaccess

# vulnerability description :- This directory contains an .htaccess file
that is readable. This may indicate a server misconfiguration. htaccess
files are designed to be parsed by the web server and should not be directly
accessible. This file could contain sensitive info that could help an
attacker to conduct further attacks. It's recommended to restrict access
to this file.

Discovered by scripting (htaccess_File_Readable.script)

# vulnerability url :- http://www.pidgin.im/~kstange/ .htaccess


# how to reproduce this vulnerability :- go directly to the URL
http://www.pidgin.im/~kstange/ .htaccess


# POC :- refer to this screenshot mentioned below :-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: htaccess.png
Type: image/png
Size: 138468 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20171011/1e1280e2/attachment-0001.png>
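
The restriction the report recommends, as an added example that is not part of the original message or of the project's own configuration: a static check that an Apache httpd configuration has an active `<Files>` or `<FilesMatch>` section denying access to `.htaccess`. The sample configurations are constructed, the function names are hypothetical, and the check assumes Apache httpd and does not follow Include files or later overrides.

```python
import fnmatch
import re

# An Apache <Files>/<FilesMatch> section: kind, optional "~" (regex form), pattern, body.
SECTION = re.compile(r'<(Files|FilesMatch)\s+(~\s+)?"?([^">]+)"?\s*>(.*?)</\1\s*>',
                     re.IGNORECASE | re.DOTALL)
# Deny-all directives: Apache 2.4 syntax and the older 2.2 syntax.
DENY = re.compile(r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$',
                  re.IGNORECASE | re.MULTILINE)

def covers(kind, tilde, pattern, filename):
    """True if the section's pattern applies to filename."""
    if kind.lower() == "filesmatch" or tilde:
        try:  # Python's re stands in for Apache's PCRE here (an approximation)
            return re.search(pattern, filename) is not None
        except re.error:
            return False  # unparseable pattern: treat as not covering
    return fnmatch.fnmatchcase(filename, pattern)  # <Files> takes shell-style wildcards

def htaccess_denied(conf_text, filename=".htaccess"):
    """True if an active section matching filename contains a deny-all directive."""
    active = "\n".join(l for l in conf_text.splitlines() if not l.lstrip().startswith("#"))
    return any(covers(m.group(1), m.group(2), m.group(3).strip(), filename)
               and DENY.search(m.group(4))
               for m in SECTION.finditer(active))

# Constructed sample configurations (not taken from the reported server).
WEAK = r'''
<Directory "/var/www/html">
    Require all granted
</Directory>
#<Files ".ht*">
#    Require all denied
#</Files>
'''
FIXED_24 = r'''
<Files ".ht*">
    Require all denied
</Files>
'''
FIXED_22 = r'''
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
'''

if __name__ == "__main__":
    print({n: htaccess_denied(c) for n, c in [("WEAK", WEAK), ("FIXED_24", FIXED_24), ("FIXED_22", FIXED_22)]})
```
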