Full Disclosure mailing list archives
Bytehoard File Disclosure Vulnerability Sequel
From: Chris Sharp <illectro2001 () yahoo com>
Date: Mon, 27 Oct 2003 18:09:10 -0800 (PST)
So I'm sure this passed over your inboxes in some form or another....

http://www.securiteam.com/unixfocus/6L00L008KE.html

Just a standard directory traversal attack in an open source, fixed rapidly like any good open source project.

Except that nobody really looked too hard at the software. Try going to http://victim.com/bytehoard/files.inc.php and you'll find the root directory of the host machine revealed to you. You can traverse the tree, but downloading doesn't appear to work.

Kind of an embarrassing bug to have in your software.

Just a FYI

Chris
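The post does not say why a direct request to files.inc.php ends up listing the host's root directory. As an added example (not Bytehoard's code and not part of the original post), the PHP below shows one common hardening for an include file of this kind: refuse direct requests, refuse to run without an explicitly configured storage root, and confine every listing to that root. The `STORAGE_ROOT` constant and the `list_confined()` helper are hypothetical names chosen for illustration.

```php
<?php
// Hypothetical include file; names and layout are assumptions,
// not taken from Bytehoard's source.

// 1. Refuse to run when the web server is asked for this file directly.
//    An include file is meant to be pulled in by an entry script, so the
//    script the server was asked to execute must not be this file.
if (realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. The entry script must define the storage root explicitly. If it is
//    missing or empty, stop instead of silently falling back to "/".
if (!defined('STORAGE_ROOT') || STORAGE_ROOT === '') {
    http_response_code(500);
    exit('Storage root not configured');
}

/**
 * List a directory only if it resolves inside STORAGE_ROOT.
 * Returns an array of entry names, or null when the path is rejected.
 */
function list_confined($relative)
{
    $root = realpath(STORAGE_ROOT);
    if ($root === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks before the comparison.
    $target = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Compare against the root plus a trailing separator so that a
    // sibling such as /srv/files-old does not pass as inside /srv/files.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $root && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return array_values(array_diff(scandir($target), array('.', '..')));
}
```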