Full Disclosure mailing list archives
Re: Vulnerability in sourceforge.net
From: nicolas vigier <boklm () mars-attacks org>
Date: Wed, 21 Jul 2004 10:00:28 +0200
On Wed, 21 Jul 2004, Alexander wrote:
Vulnerability in sourceforge.net. Remote user can read any files. Example:
Any file the webserver account can read.
http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local /apache/conf/httpd.conf
This is not a vulnerability in sourceforge, but in on of the project's webpage. And anyone with a project on sourceforge can read the same files using his webspace. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability in sourceforge.net Alexander (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Message not available
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- Re: Vulnerability in sourceforge.net Buick Sk (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- <Possible follow-ups>
- RE: Vulnerability in sourceforge.net Andrew Poodle (Jul 21)
- Re: Vulnerability in sourceforge.net Dan Duplito (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net Gregory A. Gilliss (Jul 22)
- Re: Vulnerability in sourceforge.net Jedi/Sector One (Jul 22)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)