Dear Security Team,
I am a security researcher and I found out a critical file on your website that shouldn't be visible to users. Please fix it.
Vulnerable URL:
Thanks and Regards
I am a security researcher and I found out a critical file on your website that shouldn't be visible to users. Please fix it.
Why are they critical? Why shouldn't they be shown?
Again, these are all public files available in a git repo at https://github.com/wikimedia/labs-striker
None of them contain any private data
Hey @ROOTxDEAD - for most Wikimedia code repos and websites, config/test/doc files like these (and some other ones you've reported) are very intentionally made publicly available. I understand that other organizations and businesses might be more interested in keeping things like this locked down, but that is not the case for Wikimedia. So if you could refrain from filing security tasks of this nature, that would be great.
However, something we would care about would be any publicly-served config/test/doc files which contained obviously sensitive information such as passwords, private keys, etc. We would absolutely appreciate you reporting those to us if you happen to find any.