Re: 🔧 Server Info Leak: Public phpinfo() Page Detected on https://familygem.app
Intrusion Tamer
Hi Michele,
I hope you’re doing well.
I’m writing to follow up again regarding the reward for the vulnerability report. Since I haven’t heard back yet, I wanted to kindly check in — especially as the month is ending, it would be greatly appreciated if the reward could be processed now.
As mentioned earlier, I usually receive around $300 for similar reports, but of course, the final amount is completely up to your comfort and discretion. Any contribution you’re able to offer as appreciation for the time and effort invested would truly mean a lot to me.
For your convenience, my PayPal is:
mir.u...@gmail.com
Thank you once again for your time and cooperation. Your acknowledgment and support are genuinely appreciated, and I look forward to hearing from you.
Warm regards
Hi Michele,
I hope you’re doing well.
I wanted to gently follow up regarding my previous message about the reward for the vulnerability report. Since the end of the month is approaching, I kindly request if you could please consider processing the reward today. It would truly mean a lot, and I would sincerely appreciate your support.
As mentioned earlier, I usually receive around $300 for similar reports, but I completely understand that the final amount is based on your comfort and discretion. Any amount you’re able to offer as a token of appreciation is valuable to me.
For your convenience, my PayPal is: mir.u...@gmail.com.
Thank you again for your time, your cooperation, and for addressing the issue promptly. I genuinely appreciate your professionalism and look forward to hearing from you.
Best regards
On Tue, Nov 18, 2025 at 5:40 AM Intrusion Tamer <intrusio...@gmail.com> wrote:Hi Team, just following up again — it’s been quite a while since your last response, and I wanted to kindly ask for an update on the reward status for my vulnerability report.
For reference, my PayPal remains mir.u...@gmail.comThankyou. RegardsOn Fri, Nov 14, 2025 at 11:25 AM Intrusion Tamer <intrusio...@gmail.com> wrote:Hi Michele,
I hope you're doing well.
I'm following up regarding the reward for the vulnerability report. I haven’t received an update yet, so I just wanted to kindly check if you had a chance to review my previous message.
Since the weekend is approaching, it would be highly appreciated if the reward could be processed before the weekend.
For convenience, my PayPal is: mir.u...@gmail.com.Please let me know if you need any additional details from my side.
Thank you again for your time and cooperation.
Best regards
On Thu, Nov 13, 2025 at 1:54 PM Intrusion Tamer <intrusio...@gmail.com> wrote:Hi Michele,
I appreciate your quick response and confirmation that the issue has been fixed.
I usually receive around $300 for similar vulnerability reports; however, it completely depends on your discretion and how much you’re comfortable offering.
You can send the reward via PayPal: mir.u...@gmail.com — it would be highly appreciated if you could make it as soon as possible.
Thank you again for your time and cooperation.
Best regards
On Thu, Nov 13, 2025 at 2:10 AM Michele Salvador <chico...@gmail.com> wrote:Hi Intrusion Tamer,thank you for reporting the phpinfo() issue.
Fixed just removing the file.
How much are you expecting to be rewarded for this service?Michele
On 11/11/2025 8:41 AM, Intrusion Tamer wrote:
Dear Team,
I hope you're doing well. I wanted to follow up on the vulnerability I reported. I understand that security assessments and fixes take time, and I truly appreciate your team's efforts in addressing these issues.
Please confirm your interest if you are willing to fix the issue to avoid further follow-ups. If you have already fixed the issue, please let us know, and we will proceed with retesting.
As a security researcher, I responsibly reported this vulnerability to help secure your platform. In recognition of my efforts, I expect a reward, which can be sent via PayPal or bank transfer. I would appreciate an update on this discussion as well.
Looking forward to your response.
Best regards
On Sun, Nov 9, 2025 at 9:13 AM Intrusion Tamer <intrusio...@gmail.com> wrote:
Severity: Medium
Bug Name: PHPInfo Exposure
Website: https://familygem.app
PoC URL: https://familygem.app/phpinfo.php
Description:
Your server hosts a public phpinfo() script which displays detailed environment configuration including PHP version, paths, and sensitive settings.
Impact:
- Enables detailed reconnaissance.
- May expose internal components used in app architecture.
- Useful for chaining with other vulnerabilities.
Suggested Fix:
- Remove or restrict access to phpinfo scripts.
- Implement access controls or firewall restrictions.
- Conduct code audits to remove unused debug utilities.
White Hat Note:
Our goal is to make the internet safer through responsible testing and reporting. We are glad to help secure your site and hope it brings peace of mind. We would appreciate hearing about reward or acknowledgment you may offer.
Intrusion Tamer
Just a gentle follow-up regarding the reward — since the new month has started, I kindly request that you send it at your earliest convenience to PayPal: mir.u...@gmail.com
Intrusion Tamer
I hope you're doing well.
I’m writing to follow up again regarding the vulnerability report I submitted. Another weekend is approaching, and since it has now been several weeks without an update, I kindly request that you please review my previous message.
I invested significant time and effort into responsibly disclosing the issue, and I truly appreciate the acknowledgment and support you have shown in the past. I sincerely request that you please consider my reward today, as the new month has started and I urgently need the amount.
Please don’t let the efforts I put into this disclosure go to waste.
Your cooperation and timely response would mean a lot.
For your convenience, my PayPal email is:
mir.u...@gmail.com
Thank you once again. I look forward to hearing from you soon.
Warm regards