oss-sec mailing list archives
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability
From: Vitezslav Cizek <civ () blema cz>
Date: Wed, 22 May 2013 15:29:16 +0200
* Dne Středa 22. květen 2013, 13:44:09 [CEST] Oden Eriksson napsal:
onsdagen den 22 maj 2013 13.06.18 skrev Matthias Weckbecker:Hi, has anybody possibly already confirmed this? It might also be worth to assign a CVE to this if it turns out to be a reproducible issue.Confirmed here. Needed to use "lynx -dump ...".
Are you sure? I fail to reproducet the problem. How do you use lynx? Do you prepend "http://" to the url? Otherwise lynx won't connect over network and will default to local filesystem. For example: $ lynx -dump "google.com:80/../../../../etc/passwd" wil get you you're local /etc/passwd Vita
Current thread:
- Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability George Theall (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability The Doctor (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Zate (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Tavis Ormandy (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)