Hello Team , I have founded vulnerability in your domain . Vulnerability :- Sensitive Information Disclosure Affected URL :- https://www.python.org/ftp/ Qualitative Severity Information :- HIGH Vulnerability Descriptions :- Directory Traversal To Python Mail servers By FTP. Steps To Reproduce :- 1. Open this URL :- https://www.python.org/ftp/python/ 2. In this you will see many directories that are disclosing . 3. Open Mail Directory you will find many mails , this is the URL :- https://www.python.org/ftp/python/mail/ 4. Click on any mail , it will automatically download the mail in gunzip format. 5. For Kali Users , type this command :- gunzip filename 6. After gunzip type this command in kali konsole :- leafpad filename , you will now see your python company mails that are hosted on FTP Protocol .
Note :- If you can't understand how to do it , you can mail me i will then send POC video . Remediation :- Prevent this information from being displayed to the user.
Thanking You, Manpreet Singh (Security Researcher)