Hello Team , I have founded vulnerability in your domain .

Vulnerability :- Sensitive Information Disclosure

Affected URL :- https://www.python.org/ftp/

Qualitative Severity Information :- HIGH

Vulnerability Descriptions :- Directory Traversal To Python Mail servers By FTP.

Steps To Reproduce :-

1. Open this URL :- https://www.python.org/ftp/python/

2. In this you will see many directories that are disclosing .

3. Open Mail Directory you will find many mails , this is the URL :- https://www.python.org/ftp/python/mail/

4. Click on any mail , it will automatically download the mail in gunzip format.

5. For Kali Users , type this command :- gunzip filename

6. After gunzip type this command in kali konsole :- leafpad filename , you will now see your python company mails that are hosted on FTP Protocol .

Note :- If you can't understand how to do it , you can mail me i will then send POC video .

Remediation :- Prevent this information from being displayed to the user.

Thanking You,

Manpreet Singh

(Security Researcher)

_______________________________________________
docs mailing list -- docs@python.org
To unsubscribe send an email to docs-leave@python.org
https://mail.python.org/mailman3/lists/docs.python.org/
Member address: mariatta@python.org