[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Vulnerability in sourceforge.net
- To: Alexander <Pigrelax@xxxxxxxxx>
- Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net
- From: nicolas vigier <boklm@xxxxxxxxxxxxxxxx>
- Date: Wed, 21 Jul 2004 10:00:28 +0200
On Wed, 21 Jul 2004, Alexander wrote:
> Vulnerability in sourceforge.net.
>
> Remote user can read any files. Example:
Any file the webserver account can read.
> http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local
> /apache/conf/httpd.conf
This is not a vulnerability in sourceforge, but in on of the project's
webpage. And anyone with a project on sourceforge can read the same
files using his webspace.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html