Full Disclosure mailing list archives
Re: Vulnerability in sourceforge.net
From: "Buick Sk" <buick () microlink com br>
Date: Wed, 21 Jul 2004 17:31:32 -0100
Hi,
It's not a mis-configuration, this does not allow you to look at any secret file, only the files that the user nobody can read.
this not vulnerability.. only read system (capture for attack??).... I sugestion for (others) administrator test/verify if missing configuration in yours self... ;) http://btmgr.sourceforge.net/index.php3?body=../../../../../../proc/{cpuinfo,version,... /etc/passwd, /etc/{fs,mtab and etc.. information into site... good /proc/uptime this machine ;) Buick Sk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability in sourceforge.net Alexander (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Message not available
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- Re: Vulnerability in sourceforge.net Buick Sk (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- <Possible follow-ups>
- RE: Vulnerability in sourceforge.net Andrew Poodle (Jul 21)
- Re: Vulnerability in sourceforge.net Dan Duplito (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net Gregory A. Gilliss (Jul 22)
- Re: Vulnerability in sourceforge.net Jedi/Sector One (Jul 22)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net Anders B Jansson (Jul 22)
- Re: Vulnerability in sourceforge.net steve menard (Jul 22)
- Re: Vulnerability in sourceforge.net a (Jul 22)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net J.A. Terranson (Jul 22)