[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Vulnerability in sourceforge.net

To: Todd Towles <toddtowles@xxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net
From: nicolas vigier <boklm@xxxxxxxxxxxxxxxx>
Date: Wed, 21 Jul 2004 16:15:36 +0200

On Wed, 21 Jul 2004, Todd Towles wrote:

> I would call that a Directory Traversal Vulnerability, if it allows a user
> to read files that he doesn't have permission to read.

Yes, but your can also read theses files if you have an account on
sourceforge.net (and it's easy to get one), so that's not a very big
vulnerability. And the vulnerability does not come from sourceforge,
but from the "Smart BootManager" project's webpage hosted on sourceforge.
Anyway, it might be a good idea for them to correct this :)

It could allow someone with an account on sourceforge to put some files
on it and include them on their website to have fake pages for example.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Vulnerability in sourceforge.net
  - From: Todd Towles

References:
- Re: [Full-Disclosure] Vulnerability in sourceforge.net
  - From: nicolas vigier
- RE: [Full-Disclosure] Vulnerability in sourceforge.net
  - From: Todd Towles

Prev by Date: RE: [Full-Disclosure] Vulnerability in sourceforge.net
Next by Date: Re: [Full-Disclosure] Hacking Challenge?
Previous by thread: RE: [Full-Disclosure] Vulnerability in sourceforge.net
Next by thread: RE: [Full-Disclosure] Vulnerability in sourceforge.net
Index(es):
- Date
- Thread