[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Vulnerability in sourceforge.net

Hi,

> It's not a mis-configuration, this does not allow you to look at any
> secret file, only the files that the user nobody can read.

  this not vulnerability.. only read system (capture for attack??).... 
I sugestion for (others) administrator test/verify if missing configuration in
yours self... ;)

http://btmgr.sourceforge.net/index.php3?body=../../../../../../proc/{cpuinfo,version,...

/etc/passwd, /etc/{fs,mtab  and etc.. information into site...

good /proc/uptime this machine ;)

Buick Sk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html