Message-ID: <AANLkTikbyBu0dxb97QfTY8h5jKYacn8z81NJ7N-MFRUR@mail.gmail.com>
Date: Tue, 25 Jan 2011 21:18:25 +0100
From: exploit dev <extraexploit@...il.com>
To: Andrew Farmer <andfarm@...il.com>
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: sourceforge entry point seems still active.

Hi Andrew,
just a reminder: this breach was used by PHP/Python/Perl scripts to get and
save bots and remote shells in the user directory. Also you could, as also
reported in the Owned and Exposed zine, launch commands and attempt privilege
escalation. So I'm not so sure that this is not so writable, and I also think
it is not right to say that it is not critical.
Regards.

On Tue, Jan 25, 2011 at 8:47 PM, Andrew Farmer <andfarm@...il.com> wrote:
> On 2011-01-24, at 12:08, exploit dev wrote:
> > Anyway, I'm sorry to repeat my message. I think that this issue is a bit
> > critical but I still have not received any feedback,
>
> It's not particularly critical by any means. SourceForge projects all have
> their own web space, and there are doubtless a bunch of them running
> vulnerable versions of software. These sites are relatively isolated, and
> don't have write access to the project's SCM or downloads.
--
http://extraexploit.blogspot.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/