[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040721233658.34A8D28B4B@ws1-1a.us4.outblaze.com>
From: danduplito at techie.com (Dan Duplito)
Subject: Vulnerability in sourceforge.net
> nicolas vigier <boklm@...s-attacks.org> wrote:
>
> It's not a mis-configuration, this does not allow you to look at any
> secret file, only the files that the user nobody can read.
well, user "nobody" has shell access (/bin/sh) and is allowed read access to /etc/passwd file and probably other system files as well.
i'm wondering if the discoverer (Alexander) already informed the authors of the app...
Powered by blists - more mailing lists