Full Disclosure mailing list archives
RE: Vulnerability in sourceforge.net
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 21 Jul 2004 08:56:46 -0500
I would call that a Directory Traversal Vulnerability, if it allows a user to read files that he doesn't have permission to read.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of nicolas vigier
Sent: Wednesday, July 21, 2004 3:00 AM
To: Alexander
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Vulnerability in sourceforge.net

On Wed, 21 Jul 2004, Alexander wrote:
Vulnerability in sourceforge.net. Remote user can read any files. Example:
Any file the webserver account can read.
http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local /apache/conf/httpd.conf
This is not a vulnerability in sourceforge, but in one of the projects' webpages. And anyone with a project on sourceforge can read the same files using his webspace.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
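Added example, not part of the original thread and not the project's code: the thread does not show how index.php3 handled the `body` parameter, so this assumes the page loaded a fragment file named by it. The function `resolve_fragment`, the directory layout and the file names are hypothetical; the check canonicalizes the requested path and serves it only if it stays inside the fragment directory.

```php
<?php
// Added example: hypothetical resolver for a page-fragment parameter such as
// the "body" value discussed in the thread. All names and paths are assumptions.

/**
 * Return the canonical path of $name inside $baseDir, or null when the
 * request does not resolve to a regular file under that directory.
 */
function resolve_fragment(string $baseDir, string $name): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails on missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare canonical forms with a trailing separator, so a sibling such
    // as "pages-old" is not accepted as being inside "pages".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed fixture: a fragment directory plus a file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'frag_demo_' . getmypid();
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/news.html', '<p>news</p>');
file_put_contents($root . '/secret.conf', 'not for visitors');

// Constructed request values: two legitimate names, three that must fail.
$requests = ['news.html', './news.html', '../secret.conf', '../../../../etc/passwd', 'missing.html'];
foreach ($requests as $r) {
    $path = resolve_fragment($root . '/pages', $r);
    printf("%-26s %s\n", $r, $path === null ? 'rejected' : 'served');
}

// Remove the fixture again.
unlink($root . '/pages/news.html');
unlink($root . '/secret.conf');
rmdir($root . '/pages');
rmdir($root);
```

Output an accepted path with `readfile()` rather than `include`, so fragment content is sent as data and never executed as PHP.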