[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040721080028.GA17115@mars-attacks.org>
From: boklm at mars-attacks.org (nicolas vigier)
Subject: Vulnerability in sourceforge.net
On Wed, 21 Jul 2004, Alexander wrote:
> Vulnerability in sourceforge.net.
>
> Remote user can read any files. Example:
Any file the webserver account can read.
> http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local
> /apache/conf/httpd.conf
This is not a vulnerability in sourceforge, but in on of the project's
webpage. And anyone with a project on sourceforge can read the same
files using his webspace.
Powered by blists - more mailing lists