PHP :: Sec Bug #74662 :: Multiple subdomains source code disclosure and directory browsing

Sec Bug #74662	Multiple subdomains source code disclosure and directory browsing
Submitted:	2017-05-26 21:03 UTC	Modified:	2017-05-27 05:05 UTC
From:	fryday dot kg at gmail dot com	Assigned:
Status:	Not a bug	Package:	Website problem
PHP Version:	Irrelevant	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	fryday dot kg at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2017-05-26 21:03 UTC] fryday dot kg at gmail dot com

Description:
------------
There are 34 subdomains with .svn or .git directory available. It allows to get source code of this sites in last commited state. This disclosure a lot of information to attacker and allows to use other techniwues to attack.
Also on http://shared.php.net/ directory disclosure available.

Subdomains:
at1.php.net/.git/
de.php.net/.git/
docs.php.net/.git/
ca.php.net/.git/
de1.php.net/.git/
euk2.php.net/.git/
md.php.net/.git/
no.php.net/.git/
hk.php.net/.git/
md1.php.net/.git/
br1.php.net/.git/
id.php.net/.git/
mx1.php.net/.git/
pl.php.net/.git/
pl1.php.net/.git/
preview.php.net/.git/
se2.php.net/.git/
qa.php.net/.git/
shared.php.net/.git/
se.php.net/.git/
ua.php.net/.git/
jp2.php.net/.git/
id1.php.net/.git/
sg.php.net/.git/
us2.php.net/.git/
us.php.net/.git/
sg2.php.net/.git/
master2.php.net/.git/
master.php.net/.git/
mail.php.net/.git/
is2.php.net/.git/
is.php.net/.git/
rl.php.net/.svn/
wiki.php.net/.svn/


Expected result:
----------------
There aren't directory browsing on shared.php.net.
There aren't content of .git or .svn folders available through web or this folders deleted at all.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-05-27 03:50 UTC] pollita@php.net

-Status: Open +Status: Not a bug

[2017-05-27 03:50 UTC] pollita@php.net

Yep. In fact, if you'd like to browse any of our source code files, you can find the public repos at git.php.net and mirrored publicly at github.com/php .

We are quite an open open source project.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Jul 15 13:01:34 2025 UTC