Hello Team,

I hope everything is going well on your end. I wanted to politely follow up
regarding the vulnerability we reported earlier.

While our main goal is to help improve your security posture, we would also
welcome a reward for the vuln, should you decide to grant one. We fully
understand this is not an obligation and depends entirely on your room and
discretion.

Your acknowledgment and appreciation mean a lot to us.

Best regards

On Tue, Jul 29, 2025 at 5:41 PM WhiteHat Warden <[email protected]>
wrote:

> Hi Team,
> Just following up on the report I shared recently. I'm glad to help
> improve your platform’s security and hope it proves useful.
> If there’s a reward program or recognition path in place, I’d love to be
> considered — it goes a long way in supporting independent researchers like
> myself.
> Looking forward to your response.
> Best Regards
>
> On Mon, Jun 30, 2025 at 4:02 PM WhiteHat Warden <[email protected]>
> wrote:
>
>> Hi Team,
>> I wanted to follow up on the vulnerability I submitted. I took care to
>> follow responsible disclosure practices and ensure the report was clear and
>> actionable.
>> If your team offers any form of reward or appreciation for valid reports,
>> I’d be grateful to be considered. These gestures really encourage continued
>> ethical research and collaboration.
>> Thanks again for your time.
>> Best Regards.
>>
>> On Thu, Jun 26, 2025 at 6:34 PM WhiteHat Warden <[email protected]>
>> wrote:
>>
>>> *Severity:* Medium
>>> *Bug Name:* PHPInfo Exposure
>>>
>>> *Website:* https://daid.eu
>>> *Affected POC:* https://daid.eu/info.php
>>>
>>> *Description:*
>>> Your publicly accessible PHPInfo page reveals detailed server and PHP
>>> environment configurations including installed modules, environment
>>> variables, and file paths. Attackers can leverage this data to craft
>>> targeted exploits, increasing your risk exposure.
>>>
>>> *Impact:*
>>>
>>>    - Exposure of sensitive system and server information.
>>>    - Enables attackers to tailor attacks specifically to your environment.
>>>    - Potential stepping stone for further exploitation.
>>>
>>> *Suggested Fix:*
>>>
>>>    - Remove or restrict access to PHPInfo pages.
>>>    - Implement authentication controls or IP restrictions where access is
>>>      necessary.
>>>    - Regularly review exposed information and harden server
>>>      configurations.
>>>
>>> *White Hat Note:*
>>> We disclose these findings to help secure your environment. Please
>>> update us once mitigated to verify and acknowledge your security
>>> improvements.
>>>
>>
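
An added example, not part of the original report or of any message in this thread: a Python audit that a site owner could run over their own document root to list every file that calls `phpinfo()`, as a first step toward the "remove or restrict" fix suggested in the report. The extension set and the sample files are assumptions constructed for the example, and heredoc bodies are not parsed.

```python
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".inc"}  # assumed: extensions the server executes

# Inside a PHP block, comments and string literals are consumed first so that a
# phpinfo( inside them is never reported; "close" marks the end of the block.
_TOKEN = re.compile(r"""
      (?P<skip> /\*.*?\*/ | (?://|\#)(?:(?!\?>)[^\n])*
              | '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" )
    | (?P<close> \?> )
    | (?P<call> (?<![\w$>:]) phpinfo \s* \( )
""", re.VERBOSE | re.DOTALL | re.IGNORECASE)

def find_phpinfo_calls(src):
    """Return the 1-based line numbers of real phpinfo() calls in PHP source."""
    lines, pos = [], 0
    while (start := src.find("<?", pos)) != -1:      # text outside <? ... ?> is ignored
        pos = start + 2
        for m in _TOKEN.finditer(src, pos):
            pos = m.end()
            if m.lastgroup == "close":
                break
            if m.lastgroup == "call":
                lines.append(src.count("\n", 0, m.start()) + 1)
        else:
            break                                    # no closing tag: file ended in PHP
    return lines

def audit_docroot(root):
    """Map each executable PHP file under root to the lines that call phpinfo()."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            found = find_phpinfo_calls(path.read_text(errors="replace"))
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:       # constructed sample tree
        Path(tmp, "info.php").write_text("<?php phpinfo(); ?>\n")
        Path(tmp, "index.php").write_text("<?php echo 'phpinfo()'; ?>\n")
        print(audit_docroot(tmp))
```

Files it reports are candidates for deletion or for an access restriction at the web server; a clean result does not cover pages generated outside the scanned tree.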
