Date: Thu, 23 Sep 2021 16:30:03 +0000
From: bugzilla-noreply@freebsd.org
To: doc@FreeBSD.org
Subject: [Bug 258695] Local file inclusion bug
Message-ID: <bug-258695-9@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258695

            Bug ID: 258695
           Summary: Local file inclusion bug
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Website
          Assignee: doc@FreeBSD.org
          Reporter: hackerookie@wearehackerone.com

Created attachment 228137
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=228137&action=edit
file - /etc/passwd

Hello team!

I have found a local file inclusion bug on your website, with which I'm able
to get the passwd and pwd.db file.

## Steps to reproduce

1. Visit https://ftp2.ru.freebsd.org/etc/
2. Now you have options to download passwd and pwd.db file.

# Impact

The server has the vulnerability of Local file inclusion

## Mitigation

- Log in to the web server.
- Locate the Nginx configuration template (see "Locating the Nginx
  configuration file")
- Add the deny directive (see "The Deny Directive") to the server block of
  your site's configuration
- Save your changes and restart Nginx

-- 
You are receiving this mail because:
You are the assignee for the bug.
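
The deny step from the mitigation list above, sketched as an added example; it is not part of the original report and not the mirror's actual configuration. The server name `mirror.example.org`, the root `/srv/mirror` and the use of `autoindex on` are assumptions made for illustration.

```nginx
# Constructed example. server_name and root are placeholders, and the
# "before" and "after" blocks are alternatives, not meant to be loaded together.

# Before: the whole document root is browsable, so a request for /etc/
# returns a directory listing and every file under it can be downloaded.
server {
    listen 80;
    server_name mirror.example.org;   # assumed name
    root /srv/mirror;                 # assumed document root
    autoindex on;                     # assumed: directory listings enabled
}

# After: the same server block with the deny directive scoped to the path
# named in the report.
server {
    listen 80;
    server_name mirror.example.org;
    root /srv/mirror;
    autoindex on;

    # "^~" makes this prefix match final, so a regex location defined
    # elsewhere in the server block cannot take over requests under /etc/.
    location ^~ /etc/ {
        deny all;                     # nginx answers 403 Forbidden
    }
}
```

Running `nginx -t` checks the edited file for syntax errors before the restart in the last mitigation step.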